<!DOCTYPE html>
<html lang="en-US" dir="ltr" class="no-js">
	<head>
		<meta charset="UTF-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1" />
		<script>(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script>
<script>(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script>
<link rel="shortcut icon" href="https://c.s-microsoft.com/favicon.ico?v2" type="image/x-icon" />
		<link rel="dns-prefetch" href="//target.microsoft.com">
		<link rel="dns-prefetch" href="//microsoftmscompoc.tt.omtrdc.net">
					<meta name="awa-pageType" content="Post">
						<meta name="awa-market" content="en-us">
						<meta name="awa-env" content="Production">
						<meta name="awa‐asst" content="132014">
						<meta name="awa-xtopic" content="Incident response,Threat intelligence">
						<meta name="awa-xtag" content="Adversary-in-the-middle (AiTM),Credential theft,Elevation of privilege,Extortion,Human-operated ransomware,Ransomware as a service,Tempest">
						<meta name="awa-xproduct" content="Microsoft Defender,Microsoft Defender Experts for Hunting,Microsoft Defender for Cloud,Microsoft Defender for Cloud Apps,Microsoft Defender for Endpoint,Microsoft Defender for Identity,Microsoft Defender Threat Intelligence,Microsoft Defender XDR,Microsoft Incident Response,Microsoft Security Experts,Microsoft Sentinel">
						<meta name="awa-xtype" content="Research">
						<meta name="awa-xintelligence" content="Attacker techniques, tools, and infrastructure,Cybercrime,Ransomware,Social engineering / phishing,Threat actors">
						<meta name="awa-pgauth" content="Microsoft Incident Response, Microsoft Threat Intelligence">
						<meta name="awa-publishedDate" content="20231025">
			<meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />
	<script>

		// Define Adobe Target Property
		var at_property = "beedee45-3f39-f022-9e83-653d86f7267c";  // Workspace Name

		! function () {
			window.tt_getCookie = function (t) {
				var e = RegExp(t + "[^;]+").exec(document.cookie);
				return decodeURIComponent(e ? e.toString().replace(/^[^=]+./, "") : "")
			}
			var t = tt_getCookie("MC1"),
				e = tt_getCookie("MSFPC");
			function o(t) {
				return t.split("=")[1].slice(0, 32)
			}
			var n = "";
			if ("" != t) n = o(t);
			else if ("" != e) n = o(e);
			if (n.length > 0) var r = n;
			if (n.length > 0 && at_property != "") {
				window.targetPageParams = function () {
					return {
						"mbox3rdPartyId": r,
						"at_property": at_property
					}
				}
			} else if (at_property != "") {
				window.targetPageParams = function () {
					return {
						"at_property": at_property
					}
				}
			}
		}();

		// ContentSquare functions
		function isEmpty(val) { return (val === undefined || val == null || val.length <= 0) ? true : false; } function key(obj) { return Object.keys(obj) .map(function(k) { return k + "" + obj[k]; }) .join(""); } function distinct(arr) { var result = arr.reduce(function(acc, e) { acc[key(e)] = e; return acc;}, {}); return Object.keys(result) .map(function(k) { return result[k]; }); }

		// Adobe Analytics data collection / ContentSquare ttMeta Object **DO NOT ALTER**
		var tnt_response = "";

		document.addEventListener("at-request-succeeded", function (e) {
			if (e.detail.analyticsDetails != undefined) {

				/*** 1DS ***/
				window.check1DS = function (j) { // function to check either 1DS or JSLL
					if (analytics != undefined && typeof analytics.isInitialized == 'function' && analytics.isInitialized()) { // Check for 1DS
						tnt_response = e.detail;

						//ContentUpdate Event with Target Friendly names
						if (e.detail.responseTokens != undefined) { //checks for friendly name data from response tokens
							console.log("1DS - present with response tokens");

							//ContentUpdate Event with tnta
							analytics.captureContentUpdate(
								{
									actionType: "A",
									behavior: "12",
									content: JSON.stringify({}),
									pageTags: {
										tnta: (tnt_response && tnt_response.analyticsDetails[0] ? tnt_response.analyticsDetails[0].payload.tnta : ''), //a4t data payload
									}
								}
							)

							var tt_activityCount = e.detail.responseTokens.length;
							for (i = 0; i < tt_activityCount; i++) {
								//1DS Content Update
								console.log('1DS - started captureContentCall - i=' + i);
								analytics.captureContentUpdate(
									{
										actionType: "A",
										behavior: "12",
										content: JSON.stringify({}),
										pageTags: {
											tnta: '',  // null out tnta to prevent duplicate A4T hits
											at_activity_name: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["activity.name"] : ''), //friendly name target activity
											at_exp_name: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["experience.name"] : ''), // friendly name target experience
											at_activity_id: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["activity.id"] : ''),
											at_exp_id: (tnt_response && tnt_response.responseTokens[i] ? tnt_response.responseTokens[i]["experience.id"] : '')
										}
									}
								)
							}

							console.log('1DS - completed captureContentCall');
							// ttMETA object set for ContentSquare pickup
							window.ttMETA = typeof(window.ttMETA) != "undefined" ? window.ttMETA : []; var tokens = e.detail.responseTokens; if (isEmpty(tokens)) { return; } var uniqueTokens = distinct(tokens); uniqueTokens.forEach(function(token) { window.ttMETA.push({ 'CampaignName': token["activity.name"], 'CampaignId': token["activity.id"], 'RecipeName': token["experience.name"], 'RecipeId': token["experience.id"], 'OfferId': token["option.id"], 'OfferName': token["option.name"] }); });
						} else {
							console.log("1DS - present, no response tokens");
						}

					} else {
						console.log('1DS - looping 1DS check');
						if(j < 40) {
							j++;
							setTimeout(function(){check1DS(j)}, 250);
							console.log('1DS - looping 1DS check - loop j=' + j);
						}
					}
				};
				check1DS(1);
				/*** /1DS ***/

			}

		});
	</script>
	<script>
		function adobeTargetTracking() {
			var s = document.createElement( 'script' );
			var src = "https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-metrics/assets/js/at.2.9.0.js";
			s.setAttribute( 'src', src );
			document.body.appendChild( s );
		}
	</script>
	<!-- Adobe Target -->


	
	<!-- This site is optimized with the Yoast SEO plugin v21.8.1 - https://yoast.com/wordpress/plugins/seo/ -->
	<title>Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog</title>
	<link rel="canonical" href="https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/" />
	<meta property="og:locale" content="en_US" />
	<meta property="og:type" content="article" />
	<meta property="og:title" content="Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog" />
	<meta property="og:description" content="Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries." />
	<meta property="og:url" content="https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/" />
	<meta property="og:site_name" content="Microsoft Security Blog" />
	<meta property="article:published_time" content="2023-10-25T16:30:00+00:00" />
	<meta property="article:modified_time" content="2023-11-15T18:40:04+00:00" />
	<meta property="og:image" content="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution-social-n.png" />
	<meta property="og:image:width" content="1500" />
	<meta property="og:image:height" content="855" />
	<meta property="og:image:type" content="image/png" />
	<meta name="author" content="Microsoft Incident Response, Microsoft Threat Intelligence" />
	<meta name="twitter:card" content="summary_large_image" />
	<meta name="twitter:image" content="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution-social-n.png" />
	<meta name="twitter:label1" content="Written by" />
	<meta name="twitter:data1" content="Microsoft Incident Response, Microsoft Threat Intelligence" />
	<meta name="twitter:label2" content="Est. reading time" />
	<meta name="twitter:data2" content="17 minutes" />
	<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Article","@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/#article","isPartOf":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/"},"author":[{"@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/c464cb735cf7a0417992bee9f2eb0b99"},{"@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/f60c121ba0e7c0dcb75487c559ea289e"}],"headline":"Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction","datePublished":"2023-10-25T16:30:00+00:00","dateModified":"2023-11-15T18:40:04+00:00","mainEntityOfPage":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/"},"wordCount":4311,"publisher":{"@id":"https://www.microsoft.com/en-us/security/blog/#organization"},"image":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/#primaryimage"},"thumbnailUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-scaled.jpg","keywords":["Adversary-in-the-middle (AiTM)","Credential theft","Elevation of privilege","Extortion","Human-operated ransomware","Ransomware as a service","Tempest"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/","url":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/","name":"Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction | Microsoft Security Blog","isPartOf":{"@id":"https://www.microsoft.com/en-us/security/blog/#website"},"primaryImageOfPage":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/#primaryimage"},"image":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/#primaryimage"},"thumbnailUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-scaled.jpg","datePublished":"2023-10-25T16:30:00+00:00","dateModified":"2023-11-15T18:40:04+00:00","breadcrumb":{"@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/#primaryimage","url":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-scaled.jpg","contentUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-scaled.jpg","width":2560,"height":1707,"caption":"a man sitting in front of a laptop computer"},{"@type":"BreadcrumbList","@id":"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.microsoft.com/en-us/security/blog/"},{"@type":"ListItem","position":2,"name":"Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction"}]},{"@type":"WebSite","@id":"https://www.microsoft.com/en-us/security/blog/#website","url":"https://www.microsoft.com/en-us/security/blog/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https://www.microsoft.com/en-us/security/blog/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.microsoft.com/en-us/security/blog/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://www.microsoft.com/en-us/security/blog/#organization","name":"Microsoft Security Blog","url":"https://www.microsoft.com/en-us/security/blog/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/logo/image/","url":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2018/08/cropped-cropped-microsoft_logo_element.png","contentUrl":"https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2018/08/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https://www.microsoft.com/en-us/security/blog/#/schema/logo/image/"}},{"@type":"Person","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/c464cb735cf7a0417992bee9f2eb0b99","name":"Microsoft Incident Response","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/827d7f22f1f23baabd1a5542e32d8586","url":"https://secure.gravatar.com/avatar/?s=96&d=microsoft&r=g","contentUrl":"https://secure.gravatar.com/avatar/?s=96&d=microsoft&r=g","caption":"Microsoft Incident Response"},"url":"https://www.microsoft.com/en-us/security/blog/author/detection-and-response-team-dart/"},{"@type":"Person","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/f60c121ba0e7c0dcb75487c559ea289e","name":"Microsoft Threat Intelligence","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.microsoft.com/en-us/security/blog/#/schema/person/image/827d7f22f1f23baabd1a5542e32d8586","url":"https://secure.gravatar.com/avatar/?s=96&d=microsoft&r=g","contentUrl":"https://secure.gravatar.com/avatar/?s=96&d=microsoft&r=g","caption":"Microsoft Threat Intelligence"},"url":"https://www.microsoft.com/en-us/security/blog/author/microsoft-security-threat-intelligence/"}]}</script>
	<!-- / Yoast SEO plugin. -->


<link rel='dns-prefetch' href='//wcpstatic.microsoft.com' />
<link rel='dns-prefetch' href='//www.microsoft.com' />
<link rel='dns-prefetch' href='//js.monitor.azure.com' />
<link rel="alternate" type="application/rss+xml" title="Microsoft Security Blog &raquo; Feed" href="https://www.microsoft.com/en-us/security/blog/feed/" />
<link rel="alternate" type="application/rss+xml" title="Microsoft Security Blog &raquo; Comments Feed" href="https://www.microsoft.com/en-us/security/blog/comments/feed/" />
<link rel='stylesheet' id='wp-block-library-css' href='https://www.microsoft.com/en-us/security/blog/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3' type='text/css' media='all' />
<style id='global-styles-inline-css' type='text/css'>
body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}.wp-block-msxcm-cta-block{--wp--preset--color--material-color-brand-dark: #243a5e;--wp--preset--color--material-color-dark-bg-green: #107c10;--wp--preset--color--material-color-dark-bg-dark-orange: #6B2929;}body { margin: 0;--wp--style--global--content-size: 724px;--wp--style--global--wide-size: 1414px; }.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }.wp-site-blocks > .alignright { float: right; margin-left: 2em; }.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flow > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}body .is-layout-flow > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}body .is-layout-flow > .aligncenter{margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}body .is-layout-constrained > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}body .is-layout-constrained > .aligncenter{margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > :where(:not(.alignleft):not(.alignright):not(.alignfull)){max-width: var(--wp--style--global--content-size);margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > .alignwide{max-width: var(--wp--style--global--wide-size);}body .is-layout-flex{display: flex;}body .is-layout-flex{flex-wrap: wrap;align-items: center;}body .is-layout-flex > *{margin: 0;}body .is-layout-grid{display: grid;}body .is-layout-grid > *{margin: 0;}body{padding-top: 0px;padding-right: 0px;padding-bottom: 0px;padding-left: 0px;}a:where(:not(.wp-element-button)){text-decoration: underline;}.wp-element-button, .wp-block-button__link{background-color: #32373c;border-width: 0;color: #fff;font-family: inherit;font-size: inherit;line-height: inherit;padding: calc(0.667em + 2px) calc(1.333em + 2px);text-decoration: none;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}.wp-block-msxcm-cta-block.has-material-color-brand-dark-color{color: var(--wp--preset--color--material-color-brand-dark) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-green-color{color: var(--wp--preset--color--material-color-dark-bg-green) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-dark-orange-color{color: var(--wp--preset--color--material-color-dark-bg-dark-orange) !important;}.wp-block-msxcm-cta-block.has-material-color-brand-dark-background-color{background-color: var(--wp--preset--color--material-color-brand-dark) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-green-background-color{background-color: var(--wp--preset--color--material-color-dark-bg-green) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-dark-orange-background-color{background-color: var(--wp--preset--color--material-color-dark-bg-dark-orange) !important;}.wp-block-msxcm-cta-block.has-material-color-brand-dark-border-color{border-color: var(--wp--preset--color--material-color-brand-dark) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-green-border-color{border-color: var(--wp--preset--color--material-color-dark-bg-green) !important;}.wp-block-msxcm-cta-block.has-material-color-dark-bg-dark-orange-border-color{border-color: var(--wp--preset--color--material-color-dark-bg-dark-orange) !important;}
.wp-block-navigation a:where(:not(.wp-element-button)){color: inherit;}
:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}
:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}
.wp-block-pullquote{font-size: 1.5em;line-height: 1.6;}
</style>
<link rel='stylesheet' id='mse-moray-styles-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/moray-style.css?ver=c6462ec3d6df4437a1c2' type='text/css' media='all' />
<link rel='stylesheet' id='styles-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/css/frontend.css?ver=e482992b5dbefcaf3e82' type='text/css' media='all' />
<link rel='stylesheet' id='msx-theme-toggle-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/theme-toggle.css?ver=1708357133' type='text/css' media='all' />
<link rel='stylesheet' id='msx-theme-uhf-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/uhf.css?ver=1708357133' type='text/css' media='all' />
<link rel='stylesheet' id='fluent-icons-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/css/fluent-icons.css?ver=1708357133' type='text/css' media='all' />
<link rel='stylesheet' id='msxcm-styles-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/css/frontend.css?ver=1.0.11' type='text/css' media='all' />
<link rel='stylesheet' id='msxcm_related_posts-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/assets/css/related-posts.css?ver=1.0.11' type='text/css' media='all' />
<link rel='stylesheet' id='microsoft-uhf-css' href='https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/rss.css?ver=0.4.0' type='text/css' media='all' />
<script type="text/javascript" src="https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js" id="wcp-consent-js"></script>
<script type="text/javascript" src="https://js.monitor.azure.com/scripts/c/ms.analytics-web-3.min.js" id="oneds-tracking-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script>
<link rel="https://api.w.org/" href="https://www.microsoft.com/en-us/security/blog/wp-json/" /><link rel="alternate" type="application/json" href="https://www.microsoft.com/en-us/security/blog/wp-json/wp/v2/posts/132014" /><link rel='shortlink' href='https://www.microsoft.com/en-us/security/blog/?p=132014' />
<link rel="alternate" type="application/json+oembed" href="https://www.microsoft.com/en-us/security/blog/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2023%2F10%2F25%2Focto-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction%2F" />
<link rel="alternate" type="text/xml+oembed" href="https://www.microsoft.com/en-us/security/blog/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fsecurity%2Fblog%2F2023%2F10%2F25%2Focto-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction%2F&#038;format=xml" />
<link rel="stylesheet" href="https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/29-591900/68-c3a397/f4-0855a6/a8-3dc4a6/f1-3221a1/dc-d4cb46/1f-806835/44-c33a61?ver=2.0&amp;_cf=20210618" type="text/css" media="all" /><link rel='manifest' href='https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/manifest.json' /><style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style>
	<!-- Facebook Pixel Code -->
	<script>
		function facebookTracking() {
			!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
				n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
				n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;
				t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
				document,'script','https://connect.facebook.net/en_US/fbevents.js');
			fbq('init', '1770559986549030');
						fbq('track', 'PageView');
					}
	</script>
	<!-- End Facebook Pixel Code -->

	
	<!-- LinkedIn Code -->
	<script type="text/javascript">
		var _linkedin_data_partner_id = "7850";
		function linkedinTracking(){
			var s = document.getElementsByTagName("script")[0];
			var b = document.createElement("script");
			b.type = "text/javascript";b.async = true;
			b.src = "https://snap.licdn.com/li.lms-analytics/insight.min.js";
			s.parentNode.insertBefore(b, s);
		}
	</script>
	<!-- End LinkedIn Code -->

	
	<!-- Google DoubleClick Code -->
	<script>
		function doubleclickTracking() {
			var random = Math.floor(Math.random() * 10000000000);
			var img = document.createElement('img');
			img.src = 'https://googleads.g.doubleclick.net/pagead/viewthroughconversion/862646735/?guid=ON&script=0&random=' + random;
			img.width = 1;
			img.height = 1;
			img.style = 'display:none;';
			document.body.appendChild(img);
		}
	</script>
	<!-- End Google DoubleClick Code -->

	
	<!-- Microsoft Advertising UET Code -->
	<script>
		function microsoftAds() {
			(function(w, d, t, r, u) {
			var f, n, i;
			w[u] = w[u] || [], f = function() {
			var o = {
			ti: "4000034"
			};
			o.q = w[u], w[u] = new UET(o), w[u].push("pageLoad")
			}, n = d.createElement(t), n.src = r, n.async = 1, n.onload = n.onreadystatechange = function() {
			var s = this.readyState;
			s && s !== "loaded" && s !== "complete" || (f(), n.onload = n.onreadystatechange = null) }, i = d.getElementsByTagName(t)[0], i.parentNode.insertBefore(n, i)
			})(window, document, "script", "//bat.bing.com/bat.js", "uetq");
		}
	</script>
	<!-- End Microsoft Advertising UET Code -->

	
	<!-- Clarity Code -->
	<script type="text/javascript">
		function clarityTracking() {
			(function(c,l,a,r,i,t,y){
			c[a]=c[a]||function(){(c[a].q=c[a].q||[]).push(arguments)};
			t=l.createElement(r);t.async=1;t.src="https://www.clarity.ms/tag/"+i;
			y=l.getElementsByTagName(r)[0];y.parentNode.insertBefore(t,y);
			})(window, document, "clarity", "script", "coq1z7el3n");
		}
	</script>
	<!-- End Clarity Code -->

			<style type="text/css" id="wp-custom-css">
			body.term-threat-intelligence .faceted-search-results__items > div:has(> div.promo-banner) {
	display: none;
}		</style>
		<script src="https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/d6-d6e6df/89-746ba4/df-3feeb0/f5-14aef8/bd-f5f332/27-13b2c3/e9-07937b/33-b505e5/fa-7a47db/6e-e2d05f/74-0b2d48/88-5b9b75/1b-240b37/4e-8e1a50/c2-370434/6f-bf5d0f/ea-315ddf/2e-e273bf/17-02d9ee/cf-2a93c7/c0-2ffa80/77-785548/48-4f52bb/3c-6c8ad0/3a-0d7cd3/5f-7d882b/c1-621df2/38-e8e647/17-c82a09/85-bd536d/44-776362/f8-86938e/61-951d1b/39-3d9dc2/81-96da47/ec-e44e19/6c-7627b9?ver=2.0&_cf=20210618&iife=1"></script>	</head>
	<body class="post-template-default single single-post postid-132014 single-format-standard microsoft-uhf">
		<div id="ms-cookie-banner"></div>	<div id="headerArea" class="uhf"  data-m='{"cN":"headerArea","cT":"Area_coreuiArea","id":"a1Body","sN":1,"aN":"Body"}'>
                <div id="headerRegion"      data-region-key="headerregion" data-m='{"cN":"headerRegion","cT":"Region_coreui-region","id":"r1a1","sN":1,"aN":"a1"}' >

    <div  id="headerUniversalHeader" data-m='{"cN":"headerUniversalHeader","cT":"Module_coreui-universalheader","id":"m1r1a1","sN":1,"aN":"r1a1"}'  data-module-id="Category|headerRegion|coreui-region|headerUniversalHeader|coreui-universalheader">
        

                        <div id="epb" class="x-hidden x-hidden-vp-mobile-st uhfc-universal-context context-uhf" data-m='{"cN":"epb_cont","cT":"Container","id":"c1m1r1a1","sN":1,"aN":"m1r1a1"}'>

	<div class="c-uhfh-alert f-information epb-container theme-light" role="dialog" aria-label="Promotional Banner" data-m='{"cT":"Container","id":"c1c1m1r1a1","sN":1,"aN":"c1m1r1a1"}' data-pb="[{&quot;Browser&quot;:&quot;edge&quot;,&quot;ExtensionType&quot;:&quot;windows10only&quot;,&quot;ExtensionUrl&quot;:&quot;https://aka.ms/MicrosoftEdgeDownload&quot;,&quot;BackgroundColorDarkTheme&quot;:&quot;b-black&quot;,&quot;LogoUrlDarkTheme&quot;:&quot;https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4xdax&quot;,&quot;ActionLinkBackgroundColorDarkTheme&quot;:&quot;btn-white&quot;,&quot;BackgroundColorLightTheme&quot;:&quot;b-white&quot;,&quot;LogoUrlLightTheme&quot;:&quot;https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4xdax&quot;,&quot;ActionLinkBackgroundColorLightTheme&quot;:&quot;btn-light-blue&quot;,&quot;Title&quot;:&quot;Try the browser recommended by Microsoft&quot;,&quot;Paragraph&quot;:&quot;Get speed, security and privacy with Microsoft Edge&quot;,&quot;ActionLinkText&quot;:&quot;Download now&quot;,&quot;ActionLinkAriaLabel&quot;:&quot;Download now&quot;,&quot;DismissText&quot;:&quot;No thanks&quot;,&quot;DismissAriaLabel&quot;:&quot;No thanks&quot;,&quot;CookieExpiration&quot;:&quot;30&quot;,&quot;CurrentTheme&quot;:&quot;theme-light&quot;},{&quot;Browser&quot;:&quot;chrome&quot;,&quot;ExtensionType&quot;:&quot;windows10only&quot;,&quot;ExtensionUrl&quot;:&quot;https://go.microsoft.com/fwlink/?linkid=2231161&quot;,&quot;BackgroundColorDarkTheme&quot;:&quot;b-black&quot;,&quot;LogoUrlDarkTheme&quot;:&quot;http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW12cms?ver=051d&quot;,&quot;ActionLinkBackgroundColorDarkTheme&quot;:&quot;btn-white&quot;,&quot;BackgroundColorLightTheme&quot;:&quot;b-white&quot;,&quot;LogoUrlLightTheme&quot;:&quot;https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RW1fJPf?ver=4512&quot;,&quot;ActionLinkBackgroundColorLightTheme&quot;:&quot;btn-light-blue&quot;,&quot;Title&quot;:&quot;Unleash AI-powered browsing with Copilot in Microsoft Edge&quot;,&quot;Paragraph&quot;:&quot;Go beyond what you thought was possible with your AI-companion for the web&quot;,&quot;ActionLinkText&quot;:&quot;Try now&quot;,&quot;ActionLinkAriaLabel&quot;:&quot;Try now&quot;,&quot;DismissText&quot;:&quot;No, thanks&quot;,&quot;DismissAriaLabel&quot;:&quot;No, thanks&quot;,&quot;CookieExpiration&quot;:&quot;30&quot;,&quot;CurrentTheme&quot;:&quot;theme-light&quot;},{&quot;Browser&quot;:&quot;firefox&quot;,&quot;ExtensionType&quot;:&quot;rewards&quot;,&quot;ExtensionUrl&quot;:&quot;https://browserdefaults.microsoft.com/extn/redirect/?xid=6&amp;br=mf&amp;channel=uhf&amp;pc=U564&quot;,&quot;BackgroundColorDarkTheme&quot;:&quot;b-blue&quot;,&quot;LogoUrlDarkTheme&quot;:&quot;https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4mFZT?ver=7321&quot;,&quot;ActionLinkBackgroundColorDarkTheme&quot;:&quot;btn-white&quot;,&quot;BackgroundColorLightTheme&quot;:&quot;b-white&quot;,&quot;LogoUrlLightTheme&quot;:&quot;https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4mDoE?ver=3feb&quot;,&quot;ActionLinkBackgroundColorLightTheme&quot;:&quot;btn-blue&quot;,&quot;Title&quot;:&quot;Maximize your points with the Microsoft Rewards extension&quot;,&quot;Paragraph&quot;:&quot;Quick access to your daily points and offers&quot;,&quot;ActionLinkText&quot;:&quot;Add it now&quot;,&quot;ActionLinkAriaLabel&quot;:&quot;Add it now&quot;,&quot;DismissText&quot;:&quot;No thanks&quot;,&quot;DismissAriaLabel&quot;:&quot;No thanks&quot;,&quot;CookieExpiration&quot;:&quot;30&quot;,&quot;CurrentTheme&quot;:&quot;theme-light&quot;}]" data-pb-g="true">
		<div>
			<div class="c-paragraph">
				<img alt="" data-src="" src="" class="f-img-lzy" />
				<span class="c-text-group pb-content">
					<span class="epb-launch pb-content-heading"></span>
					<span class="epb-text pb-content-text"></span>
				</span>
			</div>
			<span class="c-group">
				<button id="close-epb" class="c-action-trigger c-action-cancel glyph-cancel" data-m='{"cN":"PB-dismiss_nonnav","id":"nn1c1c1m1r1a1","sN":1,"aN":"c1c1m1r1a1"}'></button>
				<a id="epbTryNow" href="" target="_blank" class="epb-launch c-action-trigger c-action-open" data-m='{"cN":"PB-launch_nav","id":"n2c1c1m1r1a1","sN":2,"aN":"c1c1m1r1a1"}'></a>
			</span>
		</div>
	</div>





                            
                        </div>





        <a id="uhfSkipToMain" class="m-skip-to-main" href="javascript:void(0)" data-href="#mainContent" tabindex="0" data-m='{"cN":"Skip to content_nonnav","id":"nn2c1m1r1a1","sN":2,"aN":"c1m1r1a1"}'>Skip to main content</a>


<header class="c-uhfh context-uhf no-js c-sgl-stck c-category-header " itemscope="itemscope" data-header-footprint="/MSSecurity/MSSecurityHeader, fromService: True"   data-magict="true"   itemtype="http://schema.org/Organization">
    <div class="theme-light js-global-head f-closed  global-head-cont" data-m='{"cN":"Universal Header_cont","cT":"Container","id":"c3c1m1r1a1","sN":3,"aN":"c1m1r1a1"}'>
        <div class="c-uhfh-gcontainer-st">
            <button type="button" class="c-action-trigger c-glyph glyph-global-nav-button" aria-label="All Microsoft expand to see list of Microsoft products and services" initialState-label="All Microsoft expand to see list of Microsoft products and services" toggleState-label="Close All Microsoft list" aria-expanded="false" data-m='{"cN":"Mobile menu button_nonnav","id":"nn1c3c1m1r1a1","sN":1,"aN":"c3c1m1r1a1"}'></button>
            <button type="button" class="c-action-trigger c-glyph glyph-arrow-htmllegacy c-close-search" aria-label="Close search" aria-expanded="false" data-m='{"cN":"Close Search_nonnav","id":"nn2c3c1m1r1a1","sN":2,"aN":"c3c1m1r1a1"}'></button>
                    <a id="uhfLogo" class="c-logo c-sgl-stk-uhfLogo" itemprop="url" href="https://www.microsoft.com" aria-label="Microsoft" data-m='{"cN":"GlobalNav_Logo_cont","cT":"Container","id":"c3c3c1m1r1a1","sN":3,"aN":"c3c1m1r1a1"}'>
                        <img alt="" itemprop="logo" class="c-image" src="https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31" role="presentation" aria-hidden="true" />
                        <span itemprop="name" role="presentation" aria-hidden="true">Microsoft</span>
                    </a>
            <div class="f-mobile-title">
                <button type="button" class="c-action-trigger c-glyph glyph-chevron-left" aria-label="See more menu options" data-m='{"cN":"Mobile back button_nonnav","id":"nn4c3c1m1r1a1","sN":4,"aN":"c3c1m1r1a1"}'></button>
                <span data-global-title="Microsoft home" class="js-mobile-title">Microsoft Security</span>
                <button type="button" class="c-action-trigger c-glyph glyph-chevron-right" aria-label="See more menu options" data-m='{"cN":"Mobile forward button_nonnav","id":"nn5c3c1m1r1a1","sN":5,"aN":"c3c1m1r1a1"}'></button>
            </div>
                    <div class="c-show-pipe x-hidden-vp-mobile-st">
                        <a id="uhfCatLogo" class="c-logo c-cat-logo" href="https://www.microsoft.com/en-us/security" aria-label="Microsoft Security" itemprop="url" data-m='{"cN":"CatNav_Microsoft Security_nav","id":"n6c3c1m1r1a1","sN":6,"aN":"c3c1m1r1a1"}'>
                                <span>Microsoft Security</span>
                        </a>
                    </div>
                <div class="cat-logo-button-cont x-hidden">
                        <button type="button" id="uhfCatLogoButton" class="c-cat-logo-button x-hidden" aria-expanded="false" aria-label="Microsoft Security" data-m='{"cN":"Microsoft Security_nonnav","id":"nn7c3c1m1r1a1","sN":7,"aN":"c3c1m1r1a1"}'>
                            Microsoft Security
                        </button>
                </div>



                    <nav id="uhf-g-nav" aria-label="Contextual menu" class="c-uhfh-gnav" data-m='{"cN":"Category nav_cont","cT":"Container","id":"c8c3c1m1r1a1","sN":8,"aN":"c3c1m1r1a1"}'>
            <ul class="js-paddle-items">
                    <li class="single-link js-nav-menu x-hidden-none-mobile-vp uhf-menu-item">
                        <a class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security" data-m='{"cN":"CatNav_Home_nav","id":"n1c8c3c1m1r1a1","sN":1,"aN":"c8c3c1m1r1a1"}' > Home </a>
                    </li>
                                        <li class="nested-menu uhf-menu-item">
                            <div class="c-uhf-menu js-nav-menu">
                                <button type="button" id="c-shellmenu_42"  aria-expanded="false" data-m='{"id":"nn2c8c3c1m1r1a1","sN":2,"aN":"c8c3c1m1r1a1"}'>Solutions</button>

                                <ul class="" data-class-idn="" aria-hidden="true" data-m='{"cT":"Container","id":"c3c8c3c1m1r1a1","sN":3,"aN":"c8c3c1m1r1a1"}'>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_CloudSecurity_cont","cT":"Container","id":"c1c3c8c3c1m1r1a1","sN":1,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_43" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/cloud-security" data-m='{"cN":"CatNav_Solutions_CloudSecurity_nav","id":"n1c1c3c8c3c1m1r1a1","sN":1,"aN":"c1c3c8c3c1m1r1a1"}'>Cloud security</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c2c3c8c3c1m1r1a1","sN":2,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_44" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/cloud-workload-protection" data-m='{"id":"n1c2c3c8c3c1m1r1a1","sN":1,"aN":"c2c3c8c3c1m1r1a1"}'>Cloud workload protection</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c3c3c8c3c1m1r1a1","sN":3,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_45" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/data-security" data-m='{"id":"n1c3c3c8c3c1m1r1a1","sN":1,"aN":"c3c3c8c3c1m1r1a1"}'>Data security</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_FrontlineWorkers_cont","cT":"Container","id":"c4c3c8c3c1m1r1a1","sN":4,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_46" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/security-for-frontline-workers" data-m='{"cN":"CatNav_Solutions_FrontlineWorkers_nav","id":"n1c4c3c8c3c1m1r1a1","sN":1,"aN":"c4c3c8c3c1m1r1a1"}'>Frontline workers</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_IdentityAccess_cont","cT":"Container","id":"c5c3c8c3c1m1r1a1","sN":5,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_47" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/identity-access" data-m='{"cN":"CatNav_Solutions_IdentityAccess_nav","id":"n1c5c3c8c3c1m1r1a1","sN":1,"aN":"c5c3c8c3c1m1r1a1"}'>Identity &amp; network access</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c6c3c8c3c1m1r1a1","sN":6,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_48" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/identity-threat-detection-response" data-m='{"id":"n1c6c3c8c3c1m1r1a1","sN":1,"aN":"c6c3c8c3c1m1r1a1"}'>Identity threat detection &amp; response</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_IndustrialCriticalInfrastructure_cont","cT":"Container","id":"c7c3c8c3c1m1r1a1","sN":7,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_49" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/industrial-critical-infrastructure-security" data-m='{"cN":"CatNav_Solutions_IndustrialCriticalInfrastructure_nav","id":"n1c7c3c8c3c1m1r1a1","sN":1,"aN":"c7c3c8c3c1m1r1a1"}'>Industrial &amp; critical infrastructure</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c8c3c8c3c1m1r1a1","sN":8,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_50" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/information-protection" data-m='{"id":"n1c8c3c8c3c1m1r1a1","sN":1,"aN":"c8c3c8c3c1m1r1a1"}'>Information protection &amp; governance</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_IoTSecurity_cont","cT":"Container","id":"c9c3c8c3c1m1r1a1","sN":9,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_51" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/iot-security" data-m='{"cN":"CatNav_Solutions_IoTSecurity_nav","id":"n1c9c3c8c3c1m1r1a1","sN":1,"aN":"c9c3c8c3c1m1r1a1"}'>IoT security</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_Passwordless_cont","cT":"Container","id":"c10c3c8c3c1m1r1a1","sN":10,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_52" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/passwordless-authentication" data-m='{"cN":"CatNav_Solutions_Passwordless_nav","id":"n1c10c3c8c3c1m1r1a1","sN":1,"aN":"c10c3c8c3c1m1r1a1"}'>Passwordless authentication</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_Phishing_cont","cT":"Container","id":"c11c3c8c3c1m1r1a1","sN":11,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_53" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/phishing " data-m='{"cN":"CatNav_Solutions_Phishing_nav","id":"n1c11c3c8c3c1m1r1a1","sN":1,"aN":"c11c3c8c3c1m1r1a1"}'>Phishing</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Solutions_RansomwareProtection_cont","cT":"Container","id":"c12c3c8c3c1m1r1a1","sN":12,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_54" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/ransomware-protection-for-businesses" data-m='{"cN":"CatNav_Solutions_RansomwareProtection_nav","id":"n1c12c3c8c3c1m1r1a1","sN":1,"aN":"c12c3c8c3c1m1r1a1"}'>Ransomware</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c13c3c8c3c1m1r1a1","sN":13,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_55" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/risk-management" data-m='{"id":"n1c13c3c8c3c1m1r1a1","sN":1,"aN":"c13c3c8c3c1m1r1a1"}'>Risk management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c14c3c8c3c1m1r1a1","sN":14,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_56" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/secure-remote-work" data-m='{"id":"n1c14c3c8c3c1m1r1a1","sN":1,"aN":"c14c3c8c3c1m1r1a1"}'>Secure remote work</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c15c3c8c3c1m1r1a1","sN":15,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_57" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/extended-detection-response-xdr" data-m='{"id":"n1c15c3c8c3c1m1r1a1","sN":1,"aN":"c15c3c8c3c1m1r1a1"}'>XDR</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c16c3c8c3c1m1r1a1","sN":16,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_58" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/solutions/siem-xdr-threat-protection" data-m='{"id":"n1c16c3c8c3c1m1r1a1","sN":1,"aN":"c16c3c8c3c1m1r1a1"}'>XDR + SIEM</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c17c3c8c3c1m1r1a1","sN":17,"aN":"c3c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_59" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/zero-trust" data-m='{"id":"n1c17c3c8c3c1m1r1a1","sN":1,"aN":"c17c3c8c3c1m1r1a1"}'>Zero Trust</a>
            
        </li>
                                                    
                                </ul>
                            </div>
                        </li>                        <li class="nested-menu uhf-menu-item">
                            <div class="c-uhf-menu js-nav-menu">
                                <button type="button" id="c-shellmenu_60"  aria-expanded="false" data-m='{"id":"nn4c8c3c1m1r1a1","sN":4,"aN":"c8c3c1m1r1a1"}'>Products</button>

                                <ul class="f-multi-column f-multi-column-6" data-class-idn="f-multi-column f-multi-column-6" aria-hidden="true" data-m='{"cT":"Container","id":"c5c8c3c1m1r1a1","sN":5,"aN":"c8c3c1m1r1a1"}'>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c1c5c8c3c1m1r1a1","sN":1,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_61-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c1c5c8c3c1m1r1a1","sN":1,"aN":"c1c5c8c3c1m1r1a1"}'>Product families</span>
    <button id="uhf-navbtn-shellmenu_61-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c1c5c8c3c1m1r1a1","sN":2,"aN":"c1c5c8c3c1m1r1a1"}'>Product families</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_61-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderFamily_cont","cT":"Container","id":"c3c1c5c8c3c1m1r1a1","sN":3,"aN":"c1c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_62" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-defender" data-m='{"cN":"CatNav_Products_DefenderFamily_nav","id":"n1c3c1c5c8c3c1m1r1a1","sN":1,"aN":"c3c1c5c8c3c1m1r1a1"}'>Microsoft Defender</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_EntraFamily_cont","cT":"Container","id":"c4c1c5c8c3c1m1r1a1","sN":4,"aN":"c1c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_63" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-entra" data-m='{"cN":"CatNav_Products_EntraFamily_nav","id":"n1c4c1c5c8c3c1m1r1a1","sN":1,"aN":"c4c1c5c8c3c1m1r1a1"}'>Microsoft Entra</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c5c1c5c8c3c1m1r1a1","sN":5,"aN":"c1c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_64" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-Intune" data-m='{"id":"n1c5c1c5c8c3c1m1r1a1","sN":1,"aN":"c5c1c5c8c3c1m1r1a1"}'>Microsoft Intune</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c6c1c5c8c3c1m1r1a1","sN":6,"aN":"c1c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_65" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-priva" data-m='{"id":"n1c6c1c5c8c3c1m1r1a1","sN":1,"aN":"c6c1c5c8c3c1m1r1a1"}'>Microsoft Priva</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewFamily_cont","cT":"Container","id":"c7c1c5c8c3c1m1r1a1","sN":7,"aN":"c1c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_66" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-purview" data-m='{"cN":"CatNav_Products_PurviewFamily_nav","id":"n1c7c1c5c8c3c1m1r1a1","sN":1,"aN":"c7c1c5c8c3c1m1r1a1"}'>Microsoft Purview</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c8c1c5c8c3c1m1r1a1","sN":8,"aN":"c1c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_67" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-sentinel" data-m='{"id":"n1c8c1c5c8c3c1m1r1a1","sN":1,"aN":"c8c1c5c8c3c1m1r1a1"}'>Microsoft Sentinel</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c2c5c8c3c1m1r1a1","sN":2,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_68-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c2c5c8c3c1m1r1a1","sN":1,"aN":"c2c5c8c3c1m1r1a1"}'>Security AI</span>
    <button id="uhf-navbtn-shellmenu_68-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c2c5c8c3c1m1r1a1","sN":2,"aN":"c2c5c8c3c1m1r1a1"}'>Security AI</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_68-span">
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c3c2c5c8c3c1m1r1a1","sN":3,"aN":"c2c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_69" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot" data-m='{"id":"n1c3c2c5c8c3c1m1r1a1","sN":1,"aN":"c3c2c5c8c3c1m1r1a1"}'>Microsoft Security Copilot</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c3c5c8c3c1m1r1a1","sN":3,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_70-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c3c5c8c3c1m1r1a1","sN":1,"aN":"c3c5c8c3c1m1r1a1"}'>Identity &amp; access</span>
    <button id="uhf-navbtn-shellmenu_70-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c3c5c8c3c1m1r1a1","sN":2,"aN":"c3c5c8c3c1m1r1a1"}'>Identity &amp; access</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_70-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_EntraID_cont","cT":"Container","id":"c3c3c5c8c3c1m1r1a1","sN":3,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_71" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id" data-m='{"cN":"CatNav_Products_EntraID_nav","id":"n1c3c3c5c8c3c1m1r1a1","sN":1,"aN":"c3c3c5c8c3c1m1r1a1"}'>Microsoft Entra ID (Azure Active Directory)</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c4c3c5c8c3c1m1r1a1","sN":4,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_72" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-external-id" data-m='{"id":"n1c4c3c5c8c3c1m1r1a1","sN":1,"aN":"c4c3c5c8c3c1m1r1a1"}'>Microsoft Entra External ID</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft Entra ID Governance_cont","cT":"Container","id":"c5c3c5c8c3c1m1r1a1","sN":5,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_73" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id-governance" data-m='{"cN":"CatNav_Microsoft Entra ID Governance_nav","id":"n1c5c3c5c8c3c1m1r1a1","sN":1,"aN":"c5c3c5c8c3c1m1r1a1"}'>Microsoft Entra ID Governance</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_IDProtection_cont","cT":"Container","id":"c6c3c5c8c3c1m1r1a1","sN":6,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_74" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id-protection " data-m='{"cN":"CatNav_Products_IDProtection_nav","id":"n1c6c3c5c8c3c1m1r1a1","sN":1,"aN":"c6c3c5c8c3c1m1r1a1"}'>Microsoft Entra ID Protection</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_InternetAccess_cont","cT":"Container","id":"c7c3c5c8c3c1m1r1a1","sN":7,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_75" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-internet-access" data-m='{"cN":"CatNav_Products_InternetAccess_nav","id":"n1c7c3c5c8c3c1m1r1a1","sN":1,"aN":"c7c3c5c8c3c1m1r1a1"}'>Microsoft Entra Internet Access</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PrivateAccess_cont","cT":"Container","id":"c8c3c5c8c3c1m1r1a1","sN":8,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_76" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-private-access" data-m='{"cN":"CatNav_Products_PrivateAccess_nav","id":"n1c8c3c5c8c3c1m1r1a1","sN":1,"aN":"c8c3c5c8c3c1m1r1a1"}'>Microsoft Entra Private Access</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PermissionsManagement_cont","cT":"Container","id":"c9c3c5c8c3c1m1r1a1","sN":9,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_77" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-permissions-management " data-m='{"cN":"CatNav_Products_PermissionsManagement_nav","id":"n1c9c3c5c8c3c1m1r1a1","sN":1,"aN":"c9c3c5c8c3c1m1r1a1"}'>Microsoft Entra Permissions Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_VerifiedID_cont","cT":"Container","id":"c10c3c5c8c3c1m1r1a1","sN":10,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_78" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-verified-id" data-m='{"cN":"CatNav_Products_VerifiedID_nav","id":"n1c10c3c5c8c3c1m1r1a1","sN":1,"aN":"c10c3c5c8c3c1m1r1a1"}'>Microsoft Entra Verified ID</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_WorkloadID_cont","cT":"Container","id":"c11c3c5c8c3c1m1r1a1","sN":11,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_79" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-workload-identities " data-m='{"cN":"CatNav_Products_WorkloadID_nav","id":"n1c11c3c5c8c3c1m1r1a1","sN":1,"aN":"c11c3c5c8c3c1m1r1a1"}'>Microsoft Entra Workload ID</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c12c3c5c8c3c1m1r1a1","sN":12,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_80" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/products/microsoft-entra-ds" data-m='{"id":"n1c12c3c5c8c3c1m1r1a1","sN":1,"aN":"c12c3c5c8c3c1m1r1a1"}'>Microsoft Entra Domain Services</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureKeyVault_cont","cT":"Container","id":"c13c3c5c8c3c1m1r1a1","sN":13,"aN":"c3c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_81" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/services/key-vault/" data-m='{"cN":"CatNav_Products_AzureKeyVault_nav","id":"n1c13c3c5c8c3c1m1r1a1","sN":1,"aN":"c13c3c5c8c3c1m1r1a1"}'>Azure Key Vault</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c4c5c8c3c1m1r1a1","sN":4,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_82-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c4c5c8c3c1m1r1a1","sN":1,"aN":"c4c5c8c3c1m1r1a1"}'>SIEM &amp; XDR</span>
    <button id="uhf-navbtn-shellmenu_82-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c4c5c8c3c1m1r1a1","sN":2,"aN":"c4c5c8c3c1m1r1a1"}'>SIEM &amp; XDR</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_82-span">
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c3c4c5c8c3c1m1r1a1","sN":3,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_83" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-sentinel" data-m='{"id":"n1c3c4c5c8c3c1m1r1a1","sN":1,"aN":"c3c4c5c8c3c1m1r1a1"}'>Microsoft Sentinel</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c4c4c5c8c3c1m1r1a1","sN":4,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_84" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud" data-m='{"id":"n1c4c4c5c8c3c1m1r1a1","sN":1,"aN":"c4c4c5c8c3c1m1r1a1"}'>Microsoft Defender for Cloud</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_M365Defender_cont","cT":"Container","id":"c5c4c5c8c3c1m1r1a1","sN":5,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_85" class="js-subm-uhf-nav-link" href="http://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-xdr" data-m='{"cN":"CatNav_Products_M365Defender_nav","id":"n1c5c4c5c8c3c1m1r1a1","sN":1,"aN":"c5c4c5c8c3c1m1r1a1"}'>Microsoft Defender XDR</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderEndpoint_cont","cT":"Container","id":"c6c4c5c8c3c1m1r1a1","sN":6,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_86" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint" data-m='{"cN":"CatNav_Products_DefenderEndpoint_nav","id":"n1c6c4c5c8c3c1m1r1a1","sN":1,"aN":"c6c4c5c8c3c1m1r1a1"}'>Microsoft Defender for Endpoint</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c7c4c5c8c3c1m1r1a1","sN":7,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_87" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/threat-protection/office-365-defender" data-m='{"id":"n1c7c4c5c8c3c1m1r1a1","sN":1,"aN":"c7c4c5c8c3c1m1r1a1"}'>Microsoft Defender for Office 365</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderIdentity_cont","cT":"Container","id":"c8c4c5c8c3c1m1r1a1","sN":8,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_88" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-for-identity" data-m='{"cN":"CatNav_Products_DefenderIdentity_nav","id":"n1c8c4c5c8c3c1m1r1a1","sN":1,"aN":"c8c4c5c8c3c1m1r1a1"}'>Microsoft Defender for Identity</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c9c4c5c8c3c1m1r1a1","sN":9,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_89" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-cloud-apps" data-m='{"id":"n1c9c4c5c8c3c1m1r1a1","sN":1,"aN":"c9c4c5c8c3c1m1r1a1"}'>Microsoft Defender for Cloud Apps</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderVulnerability_cont","cT":"Container","id":"c10c4c5c8c3c1m1r1a1","sN":10,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_90" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/threat-protection/microsoft-defender-vulnerability-management " data-m='{"cN":"CatNav_Products_DefenderVulnerability_nav","id":"n1c10c4c5c8c3c1m1r1a1","sN":1,"aN":"c10c4c5c8c3c1m1r1a1"}'>Microsoft Defender Vulnerability Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderTI_cont","cT":"Container","id":"c11c4c5c8c3c1m1r1a1","sN":11,"aN":"c4c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_91" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-threat-intelligence" data-m='{"cN":"CatNav_Products_DefenderTI_nav","id":"n1c11c4c5c8c3c1m1r1a1","sN":1,"aN":"c11c4c5c8c3c1m1r1a1"}'>Microsoft Defender Threat Intelligence</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c5c5c8c3c1m1r1a1","sN":5,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_92-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c5c5c8c3c1m1r1a1","sN":1,"aN":"c5c5c8c3c1m1r1a1"}'>Cloud security</span>
    <button id="uhf-navbtn-shellmenu_92-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c5c5c8c3c1m1r1a1","sN":2,"aN":"c5c5c8c3c1m1r1a1"}'>Cloud security</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_92-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderCloud_cont","cT":"Container","id":"c3c5c5c8c3c1m1r1a1","sN":3,"aN":"c5c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_93" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud" data-m='{"cN":"CatNav_Products_DefenderCloud_nav","id":"n1c3c5c5c8c3c1m1r1a1","sN":1,"aN":"c3c5c5c8c3c1m1r1a1"}'>Microsoft Defender for Cloud</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderCSPM_cont","cT":"Container","id":"c4c5c5c8c3c1m1r1a1","sN":4,"aN":"c5c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_94" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-cloud-security-posture-management" data-m='{"cN":"CatNav_Products_DefenderCSPM_nav","id":"n1c4c5c5c8c3c1m1r1a1","sN":1,"aN":"c4c5c5c8c3c1m1r1a1"}'>Microsoft Defender Cloud Security Posture Mgmt</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderEASM_cont","cT":"Container","id":"c5c5c5c8c3c1m1r1a1","sN":5,"aN":"c5c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_95" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-external-attack-surface-management" data-m='{"cN":"CatNav_Products_DefenderEASM_nav","id":"n1c5c5c5c8c3c1m1r1a1","sN":1,"aN":"c5c5c5c8c3c1m1r1a1"}'>Microsoft Defender External Attack Surface Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureFirewall_cont","cT":"Container","id":"c6c5c5c8c3c1m1r1a1","sN":6,"aN":"c5c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_96" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/services/azure-firewall/" data-m='{"cN":"CatNav_Products_AzureFirewall_nav","id":"n1c6c5c5c8c3c1m1r1a1","sN":1,"aN":"c6c5c5c8c3c1m1r1a1"}'>Azure Firewall</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureWebAppFirewall_cont","cT":"Container","id":"c7c5c5c8c3c1m1r1a1","sN":7,"aN":"c5c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_97" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/services/web-application-firewall/" data-m='{"cN":"CatNav_Products_AzureWebAppFirewall_nav","id":"n1c7c5c5c8c3c1m1r1a1","sN":1,"aN":"c7c5c5c8c3c1m1r1a1"}'>Azure Web App Firewall</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_AzureDDoSProtection_cont","cT":"Container","id":"c8c5c5c8c3c1m1r1a1","sN":8,"aN":"c5c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_98" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/services/ddos-protection/" data-m='{"cN":"CatNav_Products_AzureDDoSProtection_nav","id":"n1c8c5c5c8c3c1m1r1a1","sN":1,"aN":"c8c5c5c8c3c1m1r1a1"}'>Azure DDoS Protection</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_GitHubAdvancedSecurty_cont","cT":"Container","id":"c9c5c5c8c3c1m1r1a1","sN":9,"aN":"c5c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_99" class="js-subm-uhf-nav-link" href="https://github.com/features/security" data-m='{"cN":"CatNav_Products_GitHubAdvancedSecurty_nav","id":"n1c9c5c5c8c3c1m1r1a1","sN":1,"aN":"c9c5c5c8c3c1m1r1a1"}'>GitHub Advanced Security</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c6c5c8c3c1m1r1a1","sN":6,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_100-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c6c5c8c3c1m1r1a1","sN":1,"aN":"c6c5c8c3c1m1r1a1"}'>Endpoint security &amp; management</span>
    <button id="uhf-navbtn-shellmenu_100-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c6c5c8c3c1m1r1a1","sN":2,"aN":"c6c5c8c3c1m1r1a1"}'>Endpoint security &amp; management</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_100-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderEndpoint_cont","cT":"Container","id":"c3c6c5c8c3c1m1r1a1","sN":3,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_101" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint" data-m='{"cN":"CatNav_Products_DefenderEndpoint_nav","id":"n1c3c6c5c8c3c1m1r1a1","sN":1,"aN":"c3c6c5c8c3c1m1r1a1"}'>Microsoft Defender for Endpoint</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_M365Defender_cont","cT":"Container","id":"c4c6c5c8c3c1m1r1a1","sN":4,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_102" class="js-subm-uhf-nav-link" href="http://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-xdr" data-m='{"cN":"CatNav_Products_M365Defender_nav","id":"n1c4c6c5c8c3c1m1r1a1","sN":1,"aN":"c4c6c5c8c3c1m1r1a1"}'>Microsoft Defender XDR</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderforBusiness_cont","cT":"Container","id":"c5c6c5c8c3c1m1r1a1","sN":5,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_103" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-business" data-m='{"cN":"CatNav_Products_DefenderforBusiness_nav","id":"n1c5c6c5c8c3c1m1r1a1","sN":1,"aN":"c5c6c5c8c3c1m1r1a1"}'>Microsoft Defender for Business</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c6c6c5c8c3c1m1r1a1","sN":6,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_104" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune" data-m='{"id":"n1c6c6c5c8c3c1m1r1a1","sN":1,"aN":"c6c6c5c8c3c1m1r1a1"}'>Microsoft Intune core capabilities</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderIoT_cont","cT":"Container","id":"c7c6c5c8c3c1m1r1a1","sN":7,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_105" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-iot" data-m='{"cN":"CatNav_Products_DefenderIoT_nav","id":"n1c7c6c5c8c3c1m1r1a1","sN":1,"aN":"c7c6c5c8c3c1m1r1a1"}'>Microsoft Defender for IoT</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_DefenderVulnerability_cont","cT":"Container","id":"c8c6c5c8c3c1m1r1a1","sN":8,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_106" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/threat-protection/microsoft-defender-vulnerability-management " data-m='{"cN":"CatNav_Products_DefenderVulnerability_nav","id":"n1c8c6c5c8c3c1m1r1a1","sN":1,"aN":"c8c6c5c8c3c1m1r1a1"}'>Microsoft Defender Vulnerability Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c9c6c5c8c3c1m1r1a1","sN":9,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_107" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-advanced-analytics" data-m='{"id":"n1c9c6c5c8c3c1m1r1a1","sN":1,"aN":"c9c6c5c8c3c1m1r1a1"}'>Microsoft Intune Advanced Analytics</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c10c6c5c8c3c1m1r1a1","sN":10,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_108" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-endpoint-privilege-management" data-m='{"id":"n1c10c6c5c8c3c1m1r1a1","sN":1,"aN":"c10c6c5c8c3c1m1r1a1"}'>Microsoft Intune Endpoint Privilege Management​</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c11c6c5c8c3c1m1r1a1","sN":11,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_109" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-enterprise-application-management" data-m='{"id":"n1c11c6c5c8c3c1m1r1a1","sN":1,"aN":"c11c6c5c8c3c1m1r1a1"}'>Microsoft Intune Enterprise Application Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c12c6c5c8c3c1m1r1a1","sN":12,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_110" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-intune-remote-help" data-m='{"id":"n1c12c6c5c8c3c1m1r1a1","sN":1,"aN":"c12c6c5c8c3c1m1r1a1"}'>Microsoft Intune Remote Help</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c13c6c5c8c3c1m1r1a1","sN":13,"aN":"c6c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_111" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/endpoint-management/microsoft-cloud-pki" data-m='{"id":"n1c13c6c5c8c3c1m1r1a1","sN":1,"aN":"c13c6c5c8c3c1m1r1a1"}'>Microsoft Cloud PKI</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c7c5c8c3c1m1r1a1","sN":7,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_112-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c7c5c8c3c1m1r1a1","sN":1,"aN":"c7c5c8c3c1m1r1a1"}'>Risk management &amp; privacy</span>
    <button id="uhf-navbtn-shellmenu_112-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c7c5c8c3c1m1r1a1","sN":2,"aN":"c7c5c8c3c1m1r1a1"}'>Risk management &amp; privacy</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_112-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewInsiderRiskManagement_cont","cT":"Container","id":"c3c7c5c8c3c1m1r1a1","sN":3,"aN":"c7c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_113" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-insider-risk-management" data-m='{"cN":"CatNav_Products_PurviewInsiderRiskManagement_nav","id":"n1c3c7c5c8c3c1m1r1a1","sN":1,"aN":"c3c7c5c8c3c1m1r1a1"}'>Microsoft Purview Insider Risk Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewCommunicationCompliance_cont","cT":"Container","id":"c4c7c5c8c3c1m1r1a1","sN":4,"aN":"c7c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_114" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-communication-compliance" data-m='{"cN":"CatNav_Products_PurviewCommunicationCompliance_nav","id":"n1c4c7c5c8c3c1m1r1a1","sN":1,"aN":"c4c7c5c8c3c1m1r1a1"}'>Microsoft Purview Communication Compliance</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurvieweDiscovery_cont","cT":"Container","id":"c5c7c5c8c3c1m1r1a1","sN":5,"aN":"c7c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_115" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-ediscovery" data-m='{"cN":"CatNav_Products_PurvieweDiscovery_nav","id":"n1c5c7c5c8c3c1m1r1a1","sN":1,"aN":"c5c7c5c8c3c1m1r1a1"}'>Microsoft Purview eDiscovery</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewComplianceManager_cont","cT":"Container","id":"c6c7c5c8c3c1m1r1a1","sN":6,"aN":"c7c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_116" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-compliance-manager" data-m='{"cN":"CatNav_Products_PurviewComplianceManager_nav","id":"n1c6c7c5c8c3c1m1r1a1","sN":1,"aN":"c6c7c5c8c3c1m1r1a1"}'>Microsoft Purview Compliance Manager</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c7c7c5c8c3c1m1r1a1","sN":7,"aN":"c7c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_117" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/risk-management/microsoft-purview-audit" data-m='{"id":"n1c7c7c5c8c3c1m1r1a1","sN":1,"aN":"c7c7c5c8c3c1m1r1a1"}'>Microsoft Purview Audit</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PrivaRiskManagement_cont","cT":"Container","id":"c8c7c5c8c3c1m1r1a1","sN":8,"aN":"c7c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_118" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/privacy/microsoft-priva-risk-management" data-m='{"cN":"CatNav_Products_PrivaRiskManagement_nav","id":"n1c8c7c5c8c3c1m1r1a1","sN":1,"aN":"c8c7c5c8c3c1m1r1a1"}'>Microsoft Priva Risk Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PrivaSubjectRightsRequests_cont","cT":"Container","id":"c9c7c5c8c3c1m1r1a1","sN":9,"aN":"c7c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_119" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/privacy/microsoft-priva-subject-rights-requests" data-m='{"cN":"CatNav_Products_PrivaSubjectRightsRequests_nav","id":"n1c9c7c5c8c3c1m1r1a1","sN":1,"aN":"c9c7c5c8c3c1m1r1a1"}'>Microsoft Priva Subject Rights Requests</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c8c5c8c3c1m1r1a1","sN":8,"aN":"c5c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_120-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c8c5c8c3c1m1r1a1","sN":1,"aN":"c8c5c8c3c1m1r1a1"}'>Information protection</span>
    <button id="uhf-navbtn-shellmenu_120-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c8c5c8c3c1m1r1a1","sN":2,"aN":"c8c5c8c3c1m1r1a1"}'>Information protection</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_120-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewInformationProtection_cont","cT":"Container","id":"c3c8c5c8c3c1m1r1a1","sN":3,"aN":"c8c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_121" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-information-protection" data-m='{"cN":"CatNav_Products_PurviewInformationProtection_nav","id":"n1c3c8c5c8c3c1m1r1a1","sN":1,"aN":"c3c8c5c8c3c1m1r1a1"}'>Microsoft Purview Information Protection</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewDataLifecycleManagement_cont","cT":"Container","id":"c4c8c5c8c3c1m1r1a1","sN":4,"aN":"c8c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_122" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-data-lifecycle-management" data-m='{"cN":"CatNav_Products_PurviewDataLifecycleManagement_nav","id":"n1c4c8c5c8c3c1m1r1a1","sN":1,"aN":"c4c8c5c8c3c1m1r1a1"}'>Microsoft Purview Data Lifecycle Management</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Products_PurviewDataLossPrevention_cont","cT":"Container","id":"c5c8c5c8c3c1m1r1a1","sN":5,"aN":"c8c5c8c3c1m1r1a1"}'>
            <a id="shellmenu_123" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/information-protection/microsoft-purview-data-loss-prevention" data-m='{"cN":"CatNav_Products_PurviewDataLossPrevention_nav","id":"n1c5c8c5c8c3c1m1r1a1","sN":1,"aN":"c5c8c5c8c3c1m1r1a1"}'>Microsoft Purview Data Loss Prevention</a>
            
        </li>
    </ul>
    
</li>
                                                    
                                </ul>
                            </div>
                        </li>                        <li class="nested-menu uhf-menu-item">
                            <div class="c-uhf-menu js-nav-menu">
                                <button type="button" id="c-shellmenu_124"  aria-expanded="false" data-m='{"cN":"CatNav_Services_Overview_nonnav","id":"nn6c8c3c1m1r1a1","sN":6,"aN":"c8c3c1m1r1a1"}'>Services</button>

                                <ul class="" data-class-idn="" aria-hidden="true" data-m='{"cN":"Services_Overview_cont","cT":"Container","id":"c7c8c3c1m1r1a1","sN":7,"aN":"c8c3c1m1r1a1"}'>
        <li class="js-nav-menu single-link" data-m='{"cN":"Services_MicrosoftSecurityExperts_cont","cT":"Container","id":"c1c7c8c3c1m1r1a1","sN":1,"aN":"c7c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_125" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services" data-m='{"cN":"CatNav_Services_MicrosoftSecurityExperts_nav","id":"n1c1c7c8c3c1m1r1a1","sN":1,"aN":"c1c7c8c3c1m1r1a1"}'>Microsoft Security Experts</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c2c7c8c3c1m1r1a1","sN":2,"aN":"c7c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_126" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/microsoft-defender-experts-xdr" data-m='{"id":"n1c2c7c8c3c1m1r1a1","sN":1,"aN":"c2c7c8c3c1m1r1a1"}'>Microsoft Defender Experts for XDR</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Services_ExpertsHunting_cont","cT":"Container","id":"c3c7c8c3c1m1r1a1","sN":3,"aN":"c7c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_127" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/microsoft-defender-experts-hunting" data-m='{"cN":"CatNav_Services_ExpertsHunting_nav","id":"n1c3c7c8c3c1m1r1a1","sN":1,"aN":"c3c7c8c3c1m1r1a1"}'>Microsoft Defender Experts for Hunting</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Services_ExpertsIncidentResponse_cont","cT":"Container","id":"c4c7c8c3c1m1r1a1","sN":4,"aN":"c7c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_128" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/microsoft-incident-response" data-m='{"cN":"CatNav_Services_ExpertsIncidentResponse_nav","id":"n1c4c7c8c3c1m1r1a1","sN":1,"aN":"c4c7c8c3c1m1r1a1"}'>Microsoft Incident Response</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cT":"Container","id":"c5c7c8c3c1m1r1a1","sN":5,"aN":"c7c8c3c1m1r1a1"}'>
            <a id="c-shellmenu_129" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/microsoft-security-enterprise-services" data-m='{"id":"n1c5c7c8c3c1m1r1a1","sN":1,"aN":"c5c7c8c3c1m1r1a1"}'>Microsoft Security Enterprise Services</a>
            
        </li>
                                                    
                                </ul>
                            </div>
                        </li>                        <li class="single-link js-nav-menu uhf-menu-item">
                            <a id="c-shellmenu_130" class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/partnerships" data-m='{"id":"n8c8c3c1m1r1a1","sN":8,"aN":"c8c3c1m1r1a1"}'>Partners</a>
                        </li>
                        <li class="nested-menu uhf-menu-item">
                            <div class="c-uhf-menu js-nav-menu">
                                <button type="button" id="c-shellmenu_131"  aria-expanded="false" data-m='{"id":"nn9c8c3c1m1r1a1","sN":9,"aN":"c8c3c1m1r1a1"}'>Resources</button>

                                <ul class="f-multi-column f-multi-column-5" data-class-idn="f-multi-column f-multi-column-5" aria-hidden="true" data-m='{"cT":"Container","id":"c10c8c3c1m1r1a1","sN":10,"aN":"c8c3c1m1r1a1"}'>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c1c10c8c3c1m1r1a1","sN":1,"aN":"c10c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_132-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c1c10c8c3c1m1r1a1","sN":1,"aN":"c1c10c8c3c1m1r1a1"}'>Get started</span>
    <button id="uhf-navbtn-shellmenu_132-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c1c10c8c3c1m1r1a1","sN":2,"aN":"c1c10c8c3c1m1r1a1"}'>Get started</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_132-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_CybersecurityAwareness_cont","cT":"Container","id":"c3c1c10c8c3c1m1r1a1","sN":3,"aN":"c1c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_133" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/cybersecurity-awareness" data-m='{"cN":"CatNav_Resources_CybersecurityAwareness_nav","id":"n1c3c1c10c8c3c1m1r1a1","sN":1,"aN":"c3c1c10c8c3c1m1r1a1"}'>Cybersecurity awareness</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_CustomerStories_cont","cT":"Container","id":"c4c1c10c8c3c1m1r1a1","sN":4,"aN":"c1c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_134" class="js-subm-uhf-nav-link" href="https://customers.microsoft.com/en-us/search?sq=Microsoft%20Security&amp;ff=&amp;p=0&amp;so=story_publish_date%20desc" data-m='{"cN":"CatNav_Resources_CustomerStories_nav","id":"n1c4c1c10c8c3c1m1r1a1","sN":1,"aN":"c4c1c10c8c3c1m1r1a1"}'>Customer stories</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_Security101_cont","cT":"Container","id":"c5c1c10c8c3c1m1r1a1","sN":5,"aN":"c1c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_135" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/security-101" data-m='{"cN":"CatNav_Resources_Security101_nav","id":"n1c5c1c10c8c3c1m1r1a1","sN":1,"aN":"c5c1c10c8c3c1m1r1a1"}'>Security 101</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_GetStartedTrials_cont","cT":"Container","id":"c6c1c10c8c3c1m1r1a1","sN":6,"aN":"c1c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_136" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/get-started/start-free-trial" data-m='{"cN":"CatNav_Resources_GetStartedTrials_nav","id":"n1c6c1c10c8c3c1m1r1a1","sN":1,"aN":"c6c1c10c8c3c1m1r1a1"}'>Product trials</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_HowWeProtectMicrosoft_cont","cT":"Container","id":"c7c1c10c8c3c1m1r1a1","sN":7,"aN":"c1c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_137" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/insidetrack" data-m='{"cN":"CatNav_Resources_HowWeProtectMicrosoft_nav","id":"n1c7c1c10c8c3c1m1r1a1","sN":1,"aN":"c7c1c10c8c3c1m1r1a1"}'>How we protect Microsoft</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c2c10c8c3c1m1r1a1","sN":2,"aN":"c10c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_138-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c2c10c8c3c1m1r1a1","sN":1,"aN":"c2c10c8c3c1m1r1a1"}'>Reports and analysis</span>
    <button id="uhf-navbtn-shellmenu_138-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c2c10c8c3c1m1r1a1","sN":2,"aN":"c2c10c8c3c1m1r1a1"}'>Reports and analysis</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_138-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_IndustryRecognition_cont","cT":"Container","id":"c3c2c10c8c3c1m1r1a1","sN":3,"aN":"c2c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_139" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/reports-analysis/industry-recognized-cybersecurity-leader" data-m='{"cN":"CatNav_Resources_IndustryRecognition_nav","id":"n1c3c2c10c8c3c1m1r1a1","sN":1,"aN":"c3c2c10c8c3c1m1r1a1"}'>Industry recognition</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityInsider_cont","cT":"Container","id":"c4c2c10c8c3c1m1r1a1","sN":4,"aN":"c2c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_140" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/security-insider" data-m='{"cN":"CatNav_Resources_SecurityInsider_nav","id":"n1c4c2c10c8c3c1m1r1a1","sN":1,"aN":"c4c2c10c8c3c1m1r1a1"}'>Microsoft Security Insider</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_MDDR_cont","cT":"Container","id":"c5c2c10c8c3c1m1r1a1","sN":5,"aN":"c2c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_141" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023" data-m='{"cN":"CatNav_Resources_MDDR_nav","id":"n1c5c2c10c8c3c1m1r1a1","sN":1,"aN":"c5c2c10c8c3c1m1r1a1"}'>Microsoft Digital Defense Report</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityResposeCenter_cont","cT":"Container","id":"c6c2c10c8c3c1m1r1a1","sN":6,"aN":"c2c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_142" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/msrc/" data-m='{"cN":"CatNav_Resources_SecurityResposeCenter_nav","id":"n1c6c2c10c8c3c1m1r1a1","sN":1,"aN":"c6c2c10c8c3c1m1r1a1"}'>Security Response Center</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c3c10c8c3c1m1r1a1","sN":3,"aN":"c10c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_143-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c3c10c8c3c1m1r1a1","sN":1,"aN":"c3c10c8c3c1m1r1a1"}'>Community</span>
    <button id="uhf-navbtn-shellmenu_143-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c3c10c8c3c1m1r1a1","sN":2,"aN":"c3c10c8c3c1m1r1a1"}'>Community</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_143-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityBlog_cont","cT":"Container","id":"c3c3c10c8c3c1m1r1a1","sN":3,"aN":"c3c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_144" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/blog/" data-m='{"cN":"CatNav_Resources_SecurityBlog_nav","id":"n1c3c3c10c8c3c1m1r1a1","sN":1,"aN":"c3c3c10c8c3c1m1r1a1"}'>Microsoft Security Blog</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityEvents_cont","cT":"Container","id":"c4c3c10c8c3c1m1r1a1","sN":4,"aN":"c3c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_145" class="js-subm-uhf-nav-link" href="https://events.microsoft.com/en-us/allevents/?language=English&amp;clientTimeZone=1&amp;search=security" data-m='{"cN":"CatNav_Resources_SecurityEvents_nav","id":"n1c4c3c10c8c3c1m1r1a1","sN":1,"aN":"c4c3c10c8c3c1m1r1a1"}'>Microsoft Security Events</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityTechCommunity_cont","cT":"Container","id":"c5c3c10c8c3c1m1r1a1","sN":5,"aN":"c3c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_146" class="js-subm-uhf-nav-link" href="https://techcommunity.microsoft.com/t5/security-compliance-and-identity/ct-p/MicrosoftSecurityandCompliance" data-m='{"cN":"CatNav_Resources_SecurityTechCommunity_nav","id":"n1c5c3c10c8c3c1m1r1a1","sN":1,"aN":"c5c3c10c8c3c1m1r1a1"}'>Microsoft Tech Community</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c4c10c8c3c1m1r1a1","sN":4,"aN":"c10c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_147-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c4c10c8c3c1m1r1a1","sN":1,"aN":"c4c10c8c3c1m1r1a1"}'>Documentation and training</span>
    <button id="uhf-navbtn-shellmenu_147-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c4c10c8c3c1m1r1a1","sN":2,"aN":"c4c10c8c3c1m1r1a1"}'>Documentation and training</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_147-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityDocs_cont","cT":"Container","id":"c3c4c10c8c3c1m1r1a1","sN":3,"aN":"c4c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_148" class="js-subm-uhf-nav-link" href="https://docs.microsoft.com/en-us/security/" data-m='{"cN":"CatNav_Resources_SecurityDocs_nav","id":"n1c3c4c10c8c3c1m1r1a1","sN":1,"aN":"c3c4c10c8c3c1m1r1a1"}'>Documentation</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_TechnicalContentLibrary_cont","cT":"Container","id":"c4c4c10c8c3c1m1r1a1","sN":4,"aN":"c4c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_149" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/en-us/security" data-m='{"cN":"CatNav_Resources_TechnicalContentLibrary_nav","id":"n1c4c4c10c8c3c1m1r1a1","sN":1,"aN":"c4c4c10c8c3c1m1r1a1"}'>Technical Content Library</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_TrainingandCertifications_cont","cT":"Container","id":"c5c4c10c8c3c1m1r1a1","sN":5,"aN":"c4c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_150" class="js-subm-uhf-nav-link" href="https://docs.microsoft.com/en-us/learn/topics/sci?wt.mc_id=techcom_header-webpage-m365" data-m='{"cN":"CatNav_Resources_TrainingandCertifications_nav","id":"n1c5c4c10c8c3c1m1r1a1","sN":1,"aN":"c5c4c10c8c3c1m1r1a1"}'>Training &amp; certifications</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c5c10c8c3c1m1r1a1","sN":5,"aN":"c10c8c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_151-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c5c10c8c3c1m1r1a1","sN":1,"aN":"c5c10c8c3c1m1r1a1"}'>Additional sites</span>
    <button id="uhf-navbtn-shellmenu_151-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c5c10c8c3c1m1r1a1","sN":2,"aN":"c5c10c8c3c1m1r1a1"}'>Additional sites</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_151-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_ComplianceProgram_cont","cT":"Container","id":"c3c5c10c8c3c1m1r1a1","sN":3,"aN":"c5c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_152" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/services/compliance-program-microsoft-cloud" data-m='{"cN":"CatNav_Resources_ComplianceProgram_nav","id":"n1c3c5c10c8c3c1m1r1a1","sN":1,"aN":"c3c5c10c8c3c1m1r1a1"}'>Compliance Program for Microsoft Cloud</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_TrustCenter_cont","cT":"Container","id":"c4c5c10c8c3c1m1r1a1","sN":4,"aN":"c5c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_153" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/trust-center" data-m='{"cN":"CatNav_Resources_TrustCenter_nav","id":"n1c4c5c10c8c3c1m1r1a1","sN":1,"aN":"c4c5c10c8c3c1m1r1a1"}'>Microsoft Trust Center</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_SecurityEngineeringPortal_cont","cT":"Container","id":"c5c5c10c8c3c1m1r1a1","sN":5,"aN":"c5c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_154" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/securityengineering" data-m='{"cN":"CatNav_Resources_SecurityEngineeringPortal_nav","id":"n1c5c5c10c8c3c1m1r1a1","sN":1,"aN":"c5c5c10c8c3c1m1r1a1"}'>Security Engineering Portal</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_ServiceTrustPortal_cont","cT":"Container","id":"c6c5c10c8c3c1m1r1a1","sN":6,"aN":"c5c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_155" class="js-subm-uhf-nav-link" href="https://servicetrust.microsoft.com/" data-m='{"cN":"CatNav_Resources_ServiceTrustPortal_nav","id":"n1c6c5c10c8c3c1m1r1a1","sN":1,"aN":"c6c5c10c8c3c1m1r1a1"}'>Service Trust Portal</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Resources_BuiltInSecurity_cont","cT":"Container","id":"c7c5c10c8c3c1m1r1a1","sN":7,"aN":"c5c10c8c3c1m1r1a1"}'>
            <a id="shellmenu_156" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-cloud/resources/built-in-security" data-m='{"cN":"CatNav_Resources_BuiltInSecurity_nav","id":"n1c7c5c10c8c3c1m1r1a1","sN":1,"aN":"c7c5c10c8c3c1m1r1a1"}'>Microsoft built in security</a>
            
        </li>
    </ul>
    
</li>
                                                    
                                </ul>
                            </div>
                        </li>                        <li class="single-link js-nav-menu uhf-menu-item">
                            <a id="c-shellmenu_157" class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/get-started/contact-us" data-m='{"cN":"CatNav_Resources_ContactSales_nav","id":"n11c8c3c1m1r1a1","sN":11,"aN":"c8c3c1m1r1a1"}'>Contact Sales</a>
                        </li>


                <li id="overflow-menu" class="overflow-menu x-hidden uhf-menu-item">
                        <div class="c-uhf-menu js-nav-menu">
        <button data-m='{"pid":"More","id":"nn12c8c3c1m1r1a1","sN":12,"aN":"c8c3c1m1r1a1"}' type="button" aria-label="More" aria-expanded="false">More</button>
        <ul id="overflow-menu-list" aria-hidden="true" class="overflow-menu-list">
        </ul>
    </div>

                </li>
                                    <li class="single-link js-nav-menu" id="c-uhf-nav-cta">
                        <a  class="c-uhf-nav-link" href="https://www.microsoft.com/en-us/security/business/get-started/start-free-trial" data-m='{"cN":"CatNav_cta_Start free trial_nav","id":"n13c8c3c1m1r1a1","sN":13,"aN":"c8c3c1m1r1a1"}'>Start free trial</a>
                    </li>
            </ul>
            
        </nav>


            <div class="c-uhfh-actions" data-m='{"cN":"Header actions_cont","cT":"Container","id":"c9c3c1m1r1a1","sN":9,"aN":"c3c1m1r1a1"}'>
                <div class="wf-menu">        <nav id="uhf-c-nav" aria-label="All Microsoft menu" data-m='{"cN":"GlobalNav_cont","cT":"Container","id":"c1c9c3c1m1r1a1","sN":1,"aN":"c9c3c1m1r1a1"}'>
            <ul class="js-paddle-items">
                <li>
                    <div class="c-uhf-menu js-nav-menu">
                        <button type="button" class="c-button-logo all-ms-nav" aria-expanded="false" data-m='{"cN":"GlobalNav_More_nonnav","id":"nn1c1c9c3c1m1r1a1","sN":1,"aN":"c1c9c3c1m1r1a1"}'> <span>All Microsoft</span></button>
                        <ul class="f-multi-column f-multi-column-4" aria-hidden="true" data-m='{"cN":"More_cont","cT":"Container","id":"c2c1c9c3c1m1r1a1","sN":2,"aN":"c1c9c3c1m1r1a1"}'>
                                    <li class="c-w0-contr">
            <h2 class="c-uhf-sronly">Global</h2>
            <ul class="c-w0">
        <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft Security_cont","cT":"Container","id":"c1c2c1c9c3c1m1r1a1","sN":1,"aN":"c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_0" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/security" data-m='{"cN":"W0Nav_Microsoft Security_nav","id":"n1c1c2c1c9c3c1m1r1a1","sN":1,"aN":"c1c2c1c9c3c1m1r1a1"}'>Microsoft Security</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Azure_cont","cT":"Container","id":"c2c2c1c9c3c1m1r1a1","sN":2,"aN":"c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_1" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/" data-m='{"cN":"W0Nav_Azure_nav","id":"n1c2c2c1c9c3c1m1r1a1","sN":1,"aN":"c2c2c1c9c3c1m1r1a1"}'>Azure</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Dynamics 365_cont","cT":"Container","id":"c3c2c1c9c3c1m1r1a1","sN":3,"aN":"c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_2" class="js-subm-uhf-nav-link" href="https://dynamics.microsoft.com/en-us/" data-m='{"cN":"W0Nav_Dynamics 365_nav","id":"n1c3c2c1c9c3c1m1r1a1","sN":1,"aN":"c3c2c1c9c3c1m1r1a1"}'>Dynamics 365</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft 365_cont","cT":"Container","id":"c4c2c1c9c3c1m1r1a1","sN":4,"aN":"c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_3" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-365/business/" data-m='{"cN":"W0Nav_Microsoft 365_nav","id":"n1c4c2c1c9c3c1m1r1a1","sN":1,"aN":"c4c2c1c9c3c1m1r1a1"}'>Microsoft 365</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Microsoft Teams_cont","cT":"Container","id":"c5c2c1c9c3c1m1r1a1","sN":5,"aN":"c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_4" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-teams/group-chat-software" data-m='{"cN":"W0Nav_Microsoft Teams_nav","id":"n1c5c2c1c9c3c1m1r1a1","sN":1,"aN":"c5c2c1c9c3c1m1r1a1"}'>Microsoft Teams</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"Windows 365_cont","cT":"Container","id":"c6c2c1c9c3c1m1r1a1","sN":6,"aN":"c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_5" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/windows-365" data-m='{"cN":"W0Nav_Windows 365_nav","id":"n1c6c2c1c9c3c1m1r1a1","sN":1,"aN":"c6c2c1c9c3c1m1r1a1"}'>Windows 365</a>
            
        </li>
            </ul>
        </li>

<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c7c2c1c9c3c1m1r1a1","sN":7,"aN":"c2c1c9c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_7-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c7c2c1c9c3c1m1r1a1"}'>Tech &amp; innovation</span>
    <button id="uhf-navbtn-shellmenu_7-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c7c2c1c9c3c1m1r1a1","sN":2,"aN":"c7c2c1c9c3c1m1r1a1"}'>Tech &amp; innovation</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_7-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_MicrosoftCloud_cont","cT":"Container","id":"c3c7c2c1c9c3c1m1r1a1","sN":3,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_8" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-cloud" data-m='{"cN":"GlobalNav_More_TechInnovation_MicrosoftCloud_nav","id":"n1c3c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c3c7c2c1c9c3c1m1r1a1"}'>Microsoft Cloud</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation__AI_cont","cT":"Container","id":"c4c7c2c1c9c3c1m1r1a1","sN":4,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_9" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/ai" data-m='{"cN":"GlobalNav_More_TechInnovation__AI_nav","id":"n1c4c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c4c7c2c1c9c3c1m1r1a1"}'>AI</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_AzureSpace_cont","cT":"Container","id":"c5c7c2c1c9c3c1m1r1a1","sN":5,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_10" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/solutions/space/" data-m='{"cN":"GlobalNav_More_TechInnovation_AzureSpace_nav","id":"n1c5c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c5c7c2c1c9c3c1m1r1a1"}'>Azure Space</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_MixedReality_cont","cT":"Container","id":"c6c7c2c1c9c3c1m1r1a1","sN":6,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_11" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/mixed-reality/windows-mixed-reality" data-m='{"cN":"GlobalNav_More_TechInnovation_MixedReality_nav","id":"n1c6c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c6c7c2c1c9c3c1m1r1a1"}'>Mixed reality</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_MicrosoftHololens_cont","cT":"Container","id":"c7c7c2c1c9c3c1m1r1a1","sN":7,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_12" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/hololens" data-m='{"cN":"GlobalNav_More_TechInnovation_MicrosoftHololens_nav","id":"n1c7c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c7c7c2c1c9c3c1m1r1a1"}'>Microsoft HoloLens</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_Microsoft Viva_cont","cT":"Container","id":"c8c7c2c1c9c3c1m1r1a1","sN":8,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_13" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/microsoft-viva" data-m='{"cN":"GlobalNav_More_TechInnovation_Microsoft Viva_nav","id":"n1c8c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c8c7c2c1c9c3c1m1r1a1"}'>Microsoft Viva</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_QuantumComputing_cont","cT":"Container","id":"c9c7c2c1c9c3c1m1r1a1","sN":9,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_14" class="js-subm-uhf-nav-link" href="https://azure.microsoft.com/en-us/solutions/quantum-computing/" data-m='{"cN":"GlobalNav_More_TechInnovation_QuantumComputing_nav","id":"n1c9c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c9c7c2c1c9c3c1m1r1a1"}'>Quantum computing</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_TechInnovation_Sustainability_cont","cT":"Container","id":"c10c7c2c1c9c3c1m1r1a1","sN":10,"aN":"c7c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_15" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/sustainability/" data-m='{"cN":"GlobalNav_More_TechInnovation_Sustainability_nav","id":"n1c10c7c2c1c9c3c1m1r1a1","sN":1,"aN":"c10c7c2c1c9c3c1m1r1a1"}'>Sustainability</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c8c2c1c9c3c1m1r1a1","sN":8,"aN":"c2c1c9c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_16-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c8c2c1c9c3c1m1r1a1"}'>Industries</span>
    <button id="uhf-navbtn-shellmenu_16-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c8c2c1c9c3c1m1r1a1","sN":2,"aN":"c8c2c1c9c3c1m1r1a1"}'>Industries</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_16-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Education_cont","cT":"Container","id":"c3c8c2c1c9c3c1m1r1a1","sN":3,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_17" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/education" data-m='{"cN":"GlobalNav_More_Industries_Education_nav","id":"n1c3c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c3c8c2c1c9c3c1m1r1a1"}'>Education</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Automotive_cont","cT":"Container","id":"c4c8c2c1c9c3c1m1r1a1","sN":4,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_18" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/automotive" data-m='{"cN":"GlobalNav_More_Industries_Automotive_nav","id":"n1c4c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c4c8c2c1c9c3c1m1r1a1"}'>Automotive</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Financialservices_cont","cT":"Container","id":"c5c8c2c1c9c3c1m1r1a1","sN":5,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_19" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/financial-services/banking" data-m='{"cN":"GlobalNav_More_Industries_Financialservices_nav","id":"n1c5c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c5c8c2c1c9c3c1m1r1a1"}'>Financial services</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Government_cont","cT":"Container","id":"c6c8c2c1c9c3c1m1r1a1","sN":6,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_20" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/government" data-m='{"cN":"GlobalNav_More_Industries_Government_nav","id":"n1c6c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c6c8c2c1c9c3c1m1r1a1"}'>Government</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Health_cont","cT":"Container","id":"c7c8c2c1c9c3c1m1r1a1","sN":7,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_21" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/health" data-m='{"cN":"GlobalNav_More_Industries_Health_nav","id":"n1c7c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c7c8c2c1c9c3c1m1r1a1"}'>Healthcare</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Manufacturing_cont","cT":"Container","id":"c8c8c2c1c9c3c1m1r1a1","sN":8,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_22" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/manufacturing" data-m='{"cN":"GlobalNav_More_Industries_Manufacturing_nav","id":"n1c8c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c8c8c2c1c9c3c1m1r1a1"}'>Manufacturing</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Retail_cont","cT":"Container","id":"c9c8c2c1c9c3c1m1r1a1","sN":9,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_23" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry/retail-consumer-goods" data-m='{"cN":"GlobalNav_More_Industries_Retail_nav","id":"n1c9c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c9c8c2c1c9c3c1m1r1a1"}'>Retail</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Industries_Allindustries_cont","cT":"Container","id":"c10c8c2c1c9c3c1m1r1a1","sN":10,"aN":"c8c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_24" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/industry" data-m='{"cN":"GlobalNav_More_Industries_Allindustries_nav","id":"n1c10c8c2c1c9c3c1m1r1a1","sN":1,"aN":"c10c8c2c1c9c3c1m1r1a1"}'>All industries</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c9c2c1c9c3c1m1r1a1","sN":9,"aN":"c2c1c9c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_25-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c9c2c1c9c3c1m1r1a1"}'>Partners</span>
    <button id="uhf-navbtn-shellmenu_25-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c9c2c1c9c3c1m1r1a1","sN":2,"aN":"c9c2c1c9c3c1m1r1a1"}'>Partners</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_25-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_FindPartner_cont","cT":"Container","id":"c3c9c2c1c9c3c1m1r1a1","sN":3,"aN":"c9c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_26" class="js-subm-uhf-nav-link" href="https://partner.microsoft.com/en-US/" data-m='{"cN":"GlobalNav_More_Partner_FindPartner_nav","id":"n1c3c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c3c9c2c1c9c3c1m1r1a1"}'>Find a partner</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_BecomePartner_cont","cT":"Container","id":"c4c9c2c1c9c3c1m1r1a1","sN":4,"aN":"c9c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_27" class="js-subm-uhf-nav-link" href="https://partner.microsoft.com/en-US/membership/cloud-solution-provider" data-m='{"cN":"GlobalNav_More_Partner_BecomePartner_nav","id":"n1c4c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c4c9c2c1c9c3c1m1r1a1"}'>Become a partner</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_PartnerNetwork_cont","cT":"Container","id":"c5c9c2c1c9c3c1m1r1a1","sN":5,"aN":"c9c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_28" class="js-subm-uhf-nav-link" href="https://partner.microsoft.com/en-us/membership" data-m='{"cN":"GlobalNav_More_Partner_PartnerNetwork_nav","id":"n1c5c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c5c9c2c1c9c3c1m1r1a1"}'>Partner Network</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_FindAdvertisingPartner_cont","cT":"Container","id":"c6c9c2c1c9c3c1m1r1a1","sN":6,"aN":"c9c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_29" class="js-subm-uhf-nav-link" href="https://about.ads.microsoft.com/en-us/resources/microsoft-advertising-partner-program/microsoft-advertising-partner-program" data-m='{"cN":"GlobalNav_More_Partner_FindAdvertisingPartner_nav","id":"n1c6c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c6c9c2c1c9c3c1m1r1a1"}'>Find an advertising partner</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_BecomeAdvertisingPartner_cont","cT":"Container","id":"c7c9c2c1c9c3c1m1r1a1","sN":7,"aN":"c9c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_30" class="js-subm-uhf-nav-link" href="https://about.ads.microsoft.com/en-us/partners/welcome?s_cid=en-us-gct-web-src_ext-sub_0-flx_uhfcombepartner" data-m='{"cN":"GlobalNav_More_Partner_BecomeAdvertisingPartner_nav","id":"n1c7c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c7c9c2c1c9c3c1m1r1a1"}'>Become an advertising partner</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_AzureMarketplace_cont","cT":"Container","id":"c8c9c2c1c9c3c1m1r1a1","sN":8,"aN":"c9c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_31" class="js-subm-uhf-nav-link" href="https://azuremarketplace.microsoft.com/en-us/" data-m='{"cN":"GlobalNav_More_Partner_AzureMarketplace_nav","id":"n1c8c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c8c9c2c1c9c3c1m1r1a1"}'>Azure Marketplace</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Partner_AppSource_cont","cT":"Container","id":"c9c9c2c1c9c3c1m1r1a1","sN":9,"aN":"c9c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_32" class="js-subm-uhf-nav-link" href="https://appsource.microsoft.com/en-us/" data-m='{"cN":"GlobalNav_More_Partner_AppSource_nav","id":"n1c9c9c2c1c9c3c1m1r1a1","sN":1,"aN":"c9c9c2c1c9c3c1m1r1a1"}'>AppSource</a>
            
        </li>
    </ul>
    
</li>
<li class="f-sub-menu js-nav-menu nested-menu" data-m='{"cT":"Container","id":"c10c2c1c9c3c1m1r1a1","sN":10,"aN":"c2c1c9c3c1m1r1a1"}'>

    <span id="uhf-navspn-shellmenu_33-span" style="display:none"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn1c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c10c2c1c9c3c1m1r1a1"}'>Resources</span>
    <button id="uhf-navbtn-shellmenu_33-button" type="button"   f-multi-parent="true" aria-expanded="false" data-m='{"id":"nn2c10c2c1c9c3c1m1r1a1","sN":2,"aN":"c10c2c1c9c3c1m1r1a1"}'>Resources</button>
    <ul aria-hidden="true" aria-labelledby="uhf-navspn-shellmenu_33-span">
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Blog_cont","cT":"Container","id":"c3c10c2c1c9c3c1m1r1a1","sN":3,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_34" class="js-subm-uhf-nav-link" href="https://blogs.microsoft.com/" data-m='{"cN":"GlobalNav_More_Resources_Blog_nav","id":"n1c3c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c3c10c2c1c9c3c1m1r1a1"}'>Blog</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_MicrosoftAdvertising_cont","cT":"Container","id":"c4c10c2c1c9c3c1m1r1a1","sN":4,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_35" class="js-subm-uhf-nav-link" href="https://about.ads.microsoft.com/en-us?s_cid=dig-src_uhfcomm" data-m='{"cN":"GlobalNav_More_Resources_MicrosoftAdvertising_nav","id":"n1c4c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c4c10c2c1c9c3c1m1r1a1"}'>Microsoft Advertising</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_DeveloperCenter_cont","cT":"Container","id":"c5c10c2c1c9c3c1m1r1a1","sN":5,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_36" class="js-subm-uhf-nav-link" href="https://developer.microsoft.com/en-us/" data-m='{"cN":"GlobalNav_More_Resources_DeveloperCenter_nav","id":"n1c5c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c5c10c2c1c9c3c1m1r1a1"}'>Developer Center</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Documentation_cont","cT":"Container","id":"c6c10c2c1c9c3c1m1r1a1","sN":6,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_37" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/docs/" data-m='{"cN":"GlobalNav_More_Resources_Documentation_nav","id":"n1c6c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c6c10c2c1c9c3c1m1r1a1"}'>Documentation</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Events_cont","cT":"Container","id":"c7c10c2c1c9c3c1m1r1a1","sN":7,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_38" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/events" data-m='{"cN":"GlobalNav_More_Resources_Events_nav","id":"n1c7c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c7c10c2c1c9c3c1m1r1a1"}'>Events</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_Licensing_cont","cT":"Container","id":"c8c10c2c1c9c3c1m1r1a1","sN":8,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_39" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/licensing/" data-m='{"cN":"GlobalNav_More_Resources_Licensing_nav","id":"n1c8c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c8c10c2c1c9c3c1m1r1a1"}'>Licensing</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_MicrosoftLearn_cont","cT":"Container","id":"c9c10c2c1c9c3c1m1r1a1","sN":9,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_40" class="js-subm-uhf-nav-link" href="https://learn.microsoft.com/" data-m='{"cN":"GlobalNav_More_Resources_MicrosoftLearn_nav","id":"n1c9c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c9c10c2c1c9c3c1m1r1a1"}'>Microsoft Learn</a>
            
        </li>
        <li class="js-nav-menu single-link" data-m='{"cN":"More_Resources_MicrosoftResearch_cont","cT":"Container","id":"c10c10c2c1c9c3c1m1r1a1","sN":10,"aN":"c10c2c1c9c3c1m1r1a1"}'>
            <a id="shellmenu_41" class="js-subm-uhf-nav-link" href="https://www.microsoft.com/en-us/research/" data-m='{"cN":"GlobalNav_More_Resources_MicrosoftResearch_nav","id":"n1c10c10c2c1c9c3c1m1r1a1","sN":1,"aN":"c10c10c2c1c9c3c1m1r1a1"}'>Microsoft Research</a>
            
        </li>
    </ul>
    
</li>
                                                            <li class="f-multi-column-info">
                                    <a data-m='{"id":"n11c2c1c9c3c1m1r1a1","sN":11,"aN":"c2c1c9c3c1m1r1a1"}' href="https://www.microsoft.com/en-us/sitemap.aspx" aria-label="" class="c-glyph">View Sitemap</a>
                                </li>
                            
                        </ul>
                    </div>
                </li>
            </ul>
        </nav>
</div>
                            <form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/security/site-search" method="GET" data-seAutoSuggest='' data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest" data-m='{"cN":"GlobalNav_Search_cont","cT":"Container","id":"c3c1c9c3c1m1r1a1","sN":3,"aN":"c1c9c3c1m1r1a1"}' aria-expanded="false">
                                <input  id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search" name="q" role="combobox" placeholder="Search Microsoft Security" data-m='{"cN":"SearchBox_nav","id":"n1c3c1c9c3c1m1r1a1","sN":1,"aN":"c3c1c9c3c1m1r1a1"}' data-toggle="tooltip" data-placement="right" title="Search Microsoft Security" />
                                    <button id="search" aria-label="Search Microsoft Security" class="c-glyph" data-m='{"cN":"Search_nav","id":"n2c3c1c9c3c1m1r1a1","sN":2,"aN":"c3c1c9c3c1m1r1a1"}' data-bi-mto="true" aria-expanded="false" disabled="disabled">
                                        <span role="presentation">Search</span>
                                        <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip">Search Microsoft Security</span>
                                    </button>
                                <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group">
                                    <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll" data-m='{"cN":"search suggestions_cont","cT":"Container","id":"c3c3c1c9c3c1m1r1a1","sN":3,"aN":"c3c1c9c3c1m1r1a1"}'></ul>
                                    <ul class="c-menu f-auto-suggest-no-results" aria-hidden="true" data-js-auto-suggest-postion="default" data-js-auto-suggest-position="default" role="listbox">
                                        <li class="c-menu-item"> <span tabindex="-1">No results</span></li>
                                    </ul>
                                </div>
                                
                            </form>
                        <button data-m='{"cN":"cancel-search","pid":"Cancel Search","id":"nn4c1c9c3c1m1r1a1","sN":4,"aN":"c1c9c3c1m1r1a1"}' id="cancel-search" class="cancel-search" aria-label="Cancel Search">
                            <span>Cancel</span>
                        </button>
                
            </div>
        </div>
        
        
    </div>
    
</header>




    </div>
        </div>

    </div>		<div id="header-container" class="header-container">
			
			

					</div>

			<main id="mainContent" class="main">
			<div class="bg-gray-100 dark-bg-black">
				<div class="search-header pt-0 pb-g py-md-4 border-top">
	<div class="container">
		<div class="front-page__navigation-search row justify-content-between align-items-center">
			<div class="col-12 col-md">
									<div class="search-header-breadcrumb d-flex py-g py-md-0" data-bi-an="breadcrumb">
	<nav
		class="flex-grow-1 pr-3"
		aria-label="Your location in the site"
	>
		<ol class="breadcrumb p-0 m-0">
			<li class="breadcrumb-item d-inline-flex">
				<span class="breadcrumbs__icon glyph-prepend glyph-prepend-home mr-2 d-flex align-items-center text-neutral-600"></span>
				<a
					class="small"
					data-bi-cn="Blog home"
					data-bi-ct="link"
					href="https://www.microsoft.com/en-us/security/blog/"
				>
					Blog home				</a>
			</li>
			<li class="breadcrumb-item active small" aria-current="page">Threat intelligence</li>
		</ol>
	</nav>
</div>
							</div>
			<div class="col-12 col-md-4 border-top border-neutral-300 border-top-md-0">
				<div id="header-search" class="header-search pt-g pt-md-0">
	<div id="header-search-content" class="header-search__content">
		<div itemscope itemtype="http://schema.org/WebSite">
	<form
		role="search"
		id="searchform-1"
		action="https://www.microsoft.com/en-us/security/blog/"
		class="search-form"
		type="searchForm"
	>
		<meta itemprop="target" content="https://www.microsoft.com/en-us/security/blog/?s={s}" />
		<label for="searchform-1-field" class="sr-only">
			Search the Microsoft security blog		</label>
		<div class="bg-white dark-bg-gray-900 dark-text-white dark-border-gray-700 border border-gray-300 d-flex">
			<input
				itemprop="query-input"
				class="form-control form-control-sm border-0 flex-grow-1 h-100 py-2"
				type="search"
				id="searchform-1-field"
				name="s"
				placeholder="Search the blog"
				value=""
			>
			<button class="btn btn-link-secondary m-0 py-1" type="submit">
				<span class="sr-only">Submit</span>
					<span  class="svg" aria-hidden="true">
		<svg fill="none" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 13" width="13" height="12"><path d="M4.833.097a4.833 4.833 0 0 1 3.753 7.879l3.268 3.267a.5.5 0 0 1-.651.756l-.057-.049L7.88 8.683A4.833 4.833 0 1 1 4.833.097Zm0 1a3.833 3.833 0 1 0 0 7.666 3.833 3.833 0 0 0 0-7.666Z" fill="#4C4C51" /></svg>	</span>
				</button>
		</div>
	</form>
</div>
	</div>
</div>
			</div>
		</div>
	</div>
</div>
				
<div class="container">
	<header class="single__header pb-md-5" data-bi-an="single header">
		<div class="card-offset flipped d-block mx-ng mx-md-0 has-post-thumbnail">
			<div class="card-background row no-gutters material-surface material-color-brand">
									<div class="single__featured-image col-md-6">
						<div class="card-img">
							<picture class="embed-responsive">
								<img width="1024" height="683" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-1024x683.jpg" class="embed-responsive-item img-object-cover" alt="a man sitting in front of a laptop computer" decoding="async" fetchpriority="high" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-1024x683.jpg 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-300x200.jpg 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-768x512.jpg 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-1536x1024.jpg 1536w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/CLO20b_Alain_Jean_Cafe_001-2048x1365.jpg 2048w" sizes="(max-width: 1024px) 100vw, 1024px" />							</picture>
						</div>
					</div>
								<div class="d-flex col-md">
					<div
						class="card-body align-self-center"
					>
						<div class="single__header-meta d-inline-flex flex-wrap gap-1">
															<div class="single__taxonomies">
									<ul class="list-unstyled d-inline-flex flex-wrap gap-1 m-0">
																																<li class="d-inline">
												<a
													href="https://www.microsoft.com/en-us/security/blog/content-type/research/"
													data-bi-cn="Research"
													data-bi-ct="cta link"
												>
													Research												</a>
											</li>
																																<li class="d-inline">
												<a
													href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/"
													data-bi-cn="Threat intelligence"
													data-bi-ct="cta link"
												>
													Threat intelligence												</a>
											</li>
																																<li class="d-inline">
												<a
													href="https://www.microsoft.com/en-us/security/blog/products/microsoft-incident-response/"
													data-bi-cn="Microsoft Incident Response"
													data-bi-ct="cta link"
												>
													Microsoft Incident Response												</a>
											</li>
																																<li class="d-inline">
												<a
													href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/threat-actors/"
													data-bi-cn="Threat actors"
													data-bi-ct="cta link"
												>
													Threat actors												</a>
											</li>
																			</ul>
								</div>
							
															<div class="single__read-time">
									17 min read								</div>
													</div>

						<h1 class="single__title h2 m-0 pt-2">Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction</h1>

						<div class="single__byline pt-g pt-md-4 pr-4 pr-md-0 small">
							<ul class="m-0 list-unstyled">
																										<li>
										<span class="">
											By										</span>
										<a
											class="text-white"
											href="https://www.microsoft.com/en-us/security/blog/author/detection-and-response-team-dart/"
											data-bi-cn="Microsoft Incident Response"
											data-bi-ct="author link"
										>Microsoft Incident Response</a>
																			</li>
																										<li>
										<span class="sr-only">
											By										</span>
										<a
											class="text-white"
											href="https://www.microsoft.com/en-us/security/blog/author/microsoft-security-threat-intelligence/"
											data-bi-cn="Microsoft Threat Intelligence"
											data-bi-ct="author link"
										>Microsoft Threat Intelligence</a>
																			</li>
															</ul>
						</div>
					</div>
				</div>
			</div>
		</div>
	</header>
</div>
			</div>

			<div class="single__meta" data-bi-an="Right Rail">
				<time
					class="single__date font-weight-bold d-block small text-neutral-600"
					datetime="2023-10-25T09:30:00-07:00"
				>
					October 25, 2023				</time>

				<ul class="single__share mt-3 list-inline mb-0 align-middle gap-2 align-items-center" data-bi-an="Social Share">
											<li class="list-inline-item m-0">
							<a
								class="d-flex"
								aria-label="Share on Facebook"
								data-bi-cn="Share on Facebook"
								href="https://www.facebook.com/sharer.php?u=https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/"
								target="_blank"
								rel="noreferrer noopener"
							>
									<span  class="svg" aria-hidden="true">
		<svg width="25" height="24" viewBox="0 0 25 24" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M24.227 12c0-6.428-5.209-11.637-11.636-11.637S.955 5.573.955 12c0 5.809 4.254 10.622 9.818 11.495v-8.132H7.818V12h2.955V9.436c0-2.916 1.736-4.527 4.395-4.527 1.273 0 2.605.227 2.605.227V8h-1.468c-1.446 0-1.896.897-1.896 1.818V12h3.227l-.516 3.363h-2.71v8.132c5.563-.873 9.817-5.686 9.817-11.495Z" fill="#0067B8" /><path d="M17.12 15.363 17.636 12H14.41V9.818c0-.92.45-1.818 1.895-1.818h1.469V5.136s-1.332-.227-2.605-.227c-2.659 0-4.395 1.611-4.395 4.527V12H7.818v3.363h2.955v8.132a11.717 11.717 0 0 0 3.636 0v-8.132h2.711Z" fill="#fff" /></svg>	</span>
								</a>
						</li>

						<li class="list-inline-item m-0">
							<a
								class="d-flex"
								aria-label="Share on X"
								data-bi-cn="Share on X"
								href="https://twitter.com/intent/tweet?url=https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/"
								target="_blank"
								rel="noreferrer noopener"
							>
									<span  class="svg" aria-hidden="true">
		<svg width="29" height="29" viewBox="0 0 29 29" fill="none" xmlns="http://www.w3.org/2000/svg"><g><path d="M17.259 12.273 28.055 0h-2.558l-9.375 10.657L8.635 0H0l11.322 16.115L0 28.985h2.558l9.9-11.254 7.907 11.254H29L17.258 12.273Zm-3.504 3.984-1.147-1.605L3.48 1.884h3.93l7.366 10.304 1.147 1.605 9.575 13.394h-3.93l-7.813-10.93Z" fill="currentColor" /></g><defs><path fill="currentColor" d="M0 0h29v29H0z" /></defs></svg>	</span>
								</a>
						</li>
					
					<li class="list-inline-item m-0">
						<a
							class="d-flex"
							aria-label="Share on LinkedIn"
							data-bi-cn="Share on LinkedIn"
							href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/"
							target="_blank"
							rel="noreferrer noopener"
						>
								<span  class="svg" aria-hidden="true">
		<svg width="30" height="29" viewBox="0 0 30 29" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M25.011 24.711h-4.203v-6.744c0-1.59-.047-3.66-2.172-3.66-2.172 0-2.55 1.734-2.55 3.564v6.84h-4.203V10.886h4.014v1.879h.047a4.31 4.31 0 0 1 4.014-2.216c4.25 0 5.053 2.89 5.053 6.6v7.562ZM7.114 9.008c-1.37 0-2.456-1.108-2.456-2.505 0-1.397 1.087-2.505 2.456-2.505 1.37 0 2.455 1.108 2.455 2.505 0 1.397-1.086 2.505-2.455 2.505ZM9.239 24.71h-4.25V10.886h4.203v13.825h.047ZM27.136 0H2.864A2.076 2.076 0 0 0 .786 2.071v24.856c0 1.156.945 2.12 2.078 2.071h24.225c1.133 0 2.078-.915 2.125-2.071V2.071A2.076 2.076 0 0 0 27.136 0Z" fill="#0A66C1" /></svg>	</span>
							</a>
					</li>

				</ul>

									<div id="single-tags" data-bi-an="post-categories" class="mt-3 mt-lg-4 mb-2">
						<ul class="single__tags list-unstyled m-0">
																								<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/topic/incident-response/"
											data-bi-cn="Incident response"
											data-bi-ct="cta link"
										>
											Incident response										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender/"
											data-bi-cn="Microsoft Defender"
											data-bi-ct="cta link"
										>
											Microsoft Defender										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-experts-for-hunting/"
											data-bi-cn="Microsoft Defender Experts for Hunting"
											data-bi-ct="cta link"
										>
											Microsoft Defender Experts for Hunting										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-for-cloud/"
											data-bi-cn="Microsoft Defender for Cloud"
											data-bi-ct="cta link"
										>
											Microsoft Defender for Cloud										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-for-cloud-apps/"
											data-bi-cn="Microsoft Defender for Cloud Apps"
											data-bi-ct="cta link"
										>
											Microsoft Defender for Cloud Apps										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-for-endpoint/"
											data-bi-cn="Microsoft Defender for Endpoint"
											data-bi-ct="cta link"
										>
											Microsoft Defender for Endpoint										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-for-identity/"
											data-bi-cn="Microsoft Defender for Identity"
											data-bi-ct="cta link"
										>
											Microsoft Defender for Identity										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-threat-intelligence/"
											data-bi-cn="Microsoft Defender Threat Intelligence"
											data-bi-ct="cta link"
										>
											Microsoft Defender Threat Intelligence										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender-xdr/"
											data-bi-cn="Microsoft Defender XDR"
											data-bi-ct="cta link"
										>
											Microsoft Defender XDR										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-security-experts/"
											data-bi-cn="Microsoft Security Experts"
											data-bi-ct="cta link"
										>
											Microsoft Security Experts										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/products/microsoft-sentinel/"
											data-bi-cn="Microsoft Sentinel"
											data-bi-ct="cta link"
										>
											Microsoft Sentinel										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/attacker-techniques-tools-and-infrastructure/"
											data-bi-cn="Attacker techniques, tools, and infrastructure"
											data-bi-ct="cta link"
										>
											Attacker techniques, tools, and infrastructure										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/cybercrime/"
											data-bi-cn="Cybercrime"
											data-bi-ct="cta link"
										>
											Cybercrime										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/ransomware/"
											data-bi-cn="Ransomware"
											data-bi-ct="cta link"
										>
											Ransomware										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/social-engineering-phishing/"
											data-bi-cn="Social engineering / phishing"
											data-bi-ct="cta link"
										>
											Social engineering / phishing										</a>
									</li>
																																							<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/tag/adversary-in-the-middle/"
											data-bi-cn="Adversary-in-the-middle (AiTM)"
											data-bi-ct="cta link"
										>
											Adversary-in-the-middle (AiTM)										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/tag/credential-theft/"
											data-bi-cn="Credential theft"
											data-bi-ct="cta link"
										>
											Credential theft										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/tag/elevation-of-privilege/"
											data-bi-cn="Elevation of privilege"
											data-bi-ct="cta link"
										>
											Elevation of privilege										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/tag/extortion/"
											data-bi-cn="Extortion"
											data-bi-ct="cta link"
										>
											Extortion										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/tag/human-operated-ransomware/"
											data-bi-cn="Human-operated ransomware"
											data-bi-ct="cta link"
										>
											Human-operated ransomware										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/tag/ransomware-as-a-service/"
											data-bi-cn="Ransomware as a service"
											data-bi-ct="cta link"
										>
											Ransomware as a service										</a>
									</li>
																	<li>
										<a
											class="btn btn-neutral-100 btn-sm"
											href="https://www.microsoft.com/en-us/security/blog/tag/tempest/"
											data-bi-cn="Tempest"
											data-bi-ct="cta link"
										>
											Tempest										</a>
									</li>
																					</ul>
					</div>
							</div>
			<div class="single__content mb-4 pt-4 pt-xl-5 pb-5">
				
				
<p>Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the globe with the goal of financial extortion. With their extensive range of tactics, techniques, and procedures (TTPs), the threat actor, from our perspective, is one of the most dangerous financial criminal groups.</p>



<p>Octo Tempest is a financially motivated collective of native English-speaking threat actors known for launching wide-ranging campaigns that prominently feature <a href="https://www.microsoft.com/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/">adversary-in-the-middle (AiTM) techniques</a>, social engineering, and SIM swapping capabilities. Octo Tempest, which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944, was initially seen in early 2022, targeting mobile telecommunications and business process outsourcing organizations to initiate phone number ports (also known as SIM swaps). Octo Tempest monetized their intrusions in 2022 by selling SIM swaps to other criminals and performing account takeovers of high-net-worth individuals to steal their cryptocurrency.</p>


<figure class="wp-block-image size-large"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution-1024x476.webp" alt="A graphical representation of Octo Tempest's evolution from early 2022 to mid 2023. " class="wp-image-132049 webp-format" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution-1024x476.webp 1024w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution-300x139.webp 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution-768x357.webp 768w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution.webp 1330w" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Octo-Tempest-evolution-1024x476.webp"><figcaption class="wp-element-caption">Figure 1. <em>The evolution of Octo Tempest&rsquo;s targeting, actions, outcomes, and monetization</em></figcaption></figure>



<p>Building on their initial success, Octo Tempest harnessed their experience and acquired data to progressively advance their motives, targeting, and techniques, adopting an increasingly aggressive approach. In late 2022 to early 2023, Octo Tempest expanded their targeting to include cable telecommunications, email, and technology organizations. During this period, Octo Tempest started monetizing intrusions by extorting victim organizations for data stolen during their intrusion operations and in some cases even resorting to physical threats.</p>



<p>In mid-2023, Octo Tempest became an affiliate of ALPHV/BlackCat, a human-operated <a href="https://www.microsoft.com/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/">ransomware as a service</a> (RaaS) operation, and initial victims were extorted for data theft (with no ransomware deployment) using ALPHV Collections leak site. This is notable in that, historically, Eastern European ransomware groups refused to do business with native English-speaking criminals. By June 2023, Octo Tempest started deploying ALPHV/BlackCat ransomware payloads (both Windows and Linux versions) to victims and lately has focused their deployments primarily on VMWare ESXi servers. Octo Tempest progressively broadened the scope of industries targeted for extortion, including natural resources, gaming, hospitality, consumer products, retail, managed service providers, manufacturing, law, technology, and financial services. <em>&nbsp;</em></p>



<p>In recent campaigns, we observed Octo Tempest leverage a diverse array of TTPs to navigate complex hybrid environments, exfiltrate sensitive data, and encrypt data. Octo Tempest leverages tradecraft that many organizations don’t have in their typical threat models, such as SMS phishing, SIM swapping, and advanced social engineering techniques. This blog post aims to provide organizations with an insight into Octo Tempest’s tradecraft by detailing the fluidity of their operations and to offer organizations defensive mechanisms to thwart the highly motivated financial cybercriminal group.</p>


<div class="wp-block-msxcm-kicker-container align-right">
	<div class=" wp-block-msxcm-kicker wp-block-msxcm-kicker--align-right" data-bi-an="Kicker Right">
		<p class="wp-block-msxcm-kicker__title text-neutral-600 text-uppercase">
			DEFEND AGAINST OCTO TEMPEST		</p>
		<a
			class="wp-block-msxcm-kicker__cta btn btn-link p-0 text-decoration-none"
			href="#Defense"
			>
			<span>Jump to Recommendations</span>&nbsp;<span class="glyph-append glyph-append-xsmall wp-block-msxcm-kicker__glyph glyph-append-go"></span>
		</a>
	</div>
</div>


<div class="wp-block-msxcm-kicker-container align-right">
	<div class=" wp-block-msxcm-kicker wp-block-msxcm-kicker--align-right" data-bi-an="Kicker Right">
		<p class="wp-block-msxcm-kicker__title text-neutral-600 text-uppercase">
			HUNT FOR RELATED ACTIVITY		</p>
		<a
			class="wp-block-msxcm-kicker__cta btn btn-link p-0 text-decoration-none"
			href="#Hunting"
			>
			<span>Jump to Hunting guidance</span>&nbsp;<span class="glyph-append glyph-append-xsmall wp-block-msxcm-kicker__glyph glyph-append-go"></span>
		</a>
	</div>
</div>



<h2 class="wp-block-heading">Analysis&nbsp;</h2>



<p>The well-organized, prolific nature of Octo Tempest&#8217;s attacks is indicative of extensive technical depth and multiple hands-on-keyboard operators. The succeeding sections cover the wide range of TTPs we observed being used by Octo Tempest.</p>


<div class="wp-block-msxcm-kicker-container align-right">
	<div class=" wp-block-msxcm-kicker wp-block-msxcm-kicker--align-right" data-bi-an="Kicker Right">
		<p class="wp-block-msxcm-kicker__title text-neutral-600 text-uppercase">
			EXPERTS DISCUSS OCTO TEMPEST		</p>
		<a
			class="wp-block-msxcm-kicker__cta btn btn-link p-0 text-decoration-none"
			href="https://thecyberwire.com/podcasts/microsoft-threat-intelligence/5/notes"
			>
			<span>Listen to The Microsoft Threat Intelligence Podcast</span>&nbsp;<span class="glyph-append glyph-append-xsmall wp-block-msxcm-kicker__glyph glyph-append-go"></span>
		</a>
	</div>
</div>


<figure class="wp-block-image size-full"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-2-octo-tempest-ttps.webp" alt="A graphical image summarizing the list of TTPs used by Octo Tempest as discussed in this blog post." class="wp-image-132017 webp-format" srcset="" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-2-octo-tempest-ttps.webp"><figcaption class="wp-element-caption">Figure 2. Octo Tempest TTPs</figcaption></figure>



<h3 class="wp-block-heading">Initial access&nbsp;</h3>



<h4 class="wp-block-heading">Social engineering&nbsp;with a twist</h4>



<p>Octo Tempest commonly launches social engineering attacks targeting technical administrators, such as support and help desk personnel, who have permissions that could enable the threat actor to gain initial access to accounts. The threat actor performs research on the organization and identifies targets to effectively impersonate victims, mimicking idiolect on phone calls and understanding personal identifiable information to trick technical administrators into performing password resets and resetting multifactor authentication (MFA) methods. Octo Tempest has also been observed impersonating newly hired employees in these attempts to blend into normal on-hire processes.</p>



<p>Octo Tempest primarily gains initial access to an organization using one of several methods:</p>



<ul type="1">
<li>Social engineering
<ul>
<li>Calling an employee and socially engineering the user to either:
<ul>
<li>Install a Remote Monitoring and Management (RMM) utility</li>



<li>Navigate to a site configured with a fake login portal using an adversary-in-the-middle toolkit</li>



<li>Remove their FIDO2 token</li>
</ul>
</li>



<li>Calling an organization’s help desk and socially engineering the help desk to reset the user’s password and/or change/add a multi-factor authentication token/factor</li>
</ul>
</li>



<li>Purchasing an employee’s credentials and/or session token(s) on a criminal underground market</li>



<li>SMS phishing employee phone numbers with a link to a site configured with a fake login portal using an adversary-in-the-middle toolkit</li>



<li>Using the employee’s pre-existing access to mobile telecommunications and business process outsourcing organizations to <a href="https://www.microsoft.com/security/blog/2023/01/26/2023-identity-security-trends-and-solutions-from-microsoft/">initiate a SIM swap</a> or to set up call number forwarding on an employee’s phone number. Octo Tempest will initiate a self-service password reset of the user’s account once they have gained control of the employee’s phone number.</li>
</ul>



<p>In rare instances, Octo Tempest resorts to fear-mongering tactics, targeting specific individuals through phone calls and texts. These actors use personal information, such as home addresses and family names, along with physical threats to coerce victims into sharing credentials for corporate access.</p>


<figure class="wp-block-image size-full is-resized"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-3-threats-sent-by-octo-tempest-to-targets-1.webp" alt="Two screenshots of a phone screen presented side by side. The screens present a series of threatening text messages sent by Octo Tempest to their targets/  " class="wp-image-132021 webp-format" style="width:537px;height:522px" srcset="" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-3-threats-sent-by-octo-tempest-to-targets-1.webp"><figcaption class="wp-element-caption">Figure 3. Threats sent by Octo Tempest to targets</figcaption></figure>



<h3 class="wp-block-heading">Reconnaissance and discovery&nbsp;</h3>



<h4 class="wp-block-heading">Crossing borders for identity, architecture, and controls enumeration</h4>



<p>In the early stage of their attacks, Octo Tempest performs various enumeration and information gathering actions to pursue advanced access in targeted environments and abuses legitimate channels for follow-on actions later in the attack sequence. Initial bulk-export of users, groups, and device information is closely followed by enumerating data and resources readily available to the user’s profile within virtual desktop infrastructure or enterprise-hosted resources.&nbsp;</p>



<p>Frequently, Octo Tempest uses their access to carry out broad searches across knowledge repositories to identify documents related to network architecture, employee onboarding, remote access methods, password policies, and credential vaults.</p>



<p>Octo Tempest then performs exploration through multi-cloud environments enumerating access and resources across cloud environments, code repositories, server and backup management infrastructure, and others. In this stage, the threat actor validates access, enumerates databases and storage containers, and plans footholds to aid further phases of the attack.</p>



<h4 class="wp-block-heading">Additional tradecraft and techniques:</h4>



<ul>
<li><a href="https://www.pingcastle.com/" target="_blank" rel="noreferrer noopener">PingCastle</a> and <a href="https://github.com/adrecon/ADRecon" target="_blank" rel="noreferrer noopener">ADRecon</a> to perform reconnaissance of Active Directory&nbsp;</li>



<li>Advanced IP Scanner to probe victim networks</li>



<li><a href="https://github.com/vmware/govmomi" target="_blank" rel="noreferrer noopener">Govmomi</a> Go library to enumerate vCenter APIs&nbsp;</li>



<li><a href="https://support.purestorage.com/Solutions/Microsoft_Platform_Guide/a_Windows_PowerShell/Pure_Storage_PowerShell_SDK" target="_blank" rel="noreferrer noopener">PureStorage FlashArray</a> PowerShell module to enumerate storage arrays&nbsp;</li>



<li>AAD bulk downloads of user, groups, and devices</li>
</ul>



<h3 class="wp-block-heading">Privilege escalation and credential access</h3>



<p>Octo Tempest commonly elevates their privileges within an organization through the following techniques:</p>



<ul type="1">
<li>Using their pre-existing access to mobile telecommunications and business process outsourcing organizations to initiate a SIM swap or to set up call number forwarding on an employee’s phone number. Octo Tempest will initiate a self-service password reset of the user’s account once they have gained control of the employee’s phone number.</li>



<li>Social engineering &#8211; calling an organization’s help desk and socially engineering the help desk to reset an administrator’s password and/or change/add a multi-factor authentication token/factor</li>
</ul>



<h4 class="wp-block-heading">Further masquerading and collection for escalation</h4>



<p>Octo Tempest employs an advanced social engineering strategy for privilege escalation, harnessing stolen password policy procedures, bulk downloads of user, group, and role exports, and their familiarity with the target organizations procedures. The actor&#8217;s privilege escalation tactics often rely on building trust through various means, such as leveraging possession of compromised accounts and demonstrating an understanding of the organization&#8217;s procedures. In some cases, they go as far as bypassing password reset procedures by using a compromised manager&#8217;s account to approve their requests.</p>



<p>Octo Tempest continually seeks to collect additional credentials across all planes of access. Using open-source tooling like Jercretz and TruffleHog, the threat actor automates the identification of plaintext keys, secrets, and credentials across code repositories for further use.</p>



<h4 class="wp-block-heading">Additional tradecraft and techniques:</h4>



<ul>
<li>Modifying access policies or using MicroBurst to gain access to credential stores</li>



<li>Using open-source tooling: <a href="https://github.com/gentilkiwi/mimikatz">Mimikatz</a>, <a href="https://github.com/Processus-Thief/HEKATOMB">Hekatomb</a>, <a href="https://github.com/AlessandroZ/LaZagne">Lazagne</a>, <a href="https://github.com/C-Sto/gosecretsdump">gosecretsdump</a>, smbpasswd.py, LinPEAS, ADFSDump</li>



<li>Using VMAccess Extension to reset passwords or modify configurations of Azure VMs</li>



<li>Creating snapshots virtual domain controller disks to download and extract NTDS.dit</li>



<li>Assignment of User Access Administrator role to grant Tenant Root Group management scope</li>
</ul>



<h3 class="wp-block-heading">Defense evasion</h3>



<h4 class="wp-block-heading">Security product arsenal sabotage</h4>



<p>Octo Tempest compromises security personnel accounts within victim organizations to turn off security products and features and attempt to evade detection throughout their compromise. Using compromised accounts, the threat actor leverages EDR and device management technologies to allow malicious tooling, deploy RMM software, remove or impair security products, data theft of sensitive files (e.g. files with credentials, signal messaging databases, etc.), and deploy malicious payloads.</p>



<p>To prevent identification of security product manipulation and suppress alerts or notifications of changes, Octo Tempest modifies the security staff mailbox rules to automatically delete emails from vendors that may raise the target’s suspicion of their activities.</p>


<figure class="wp-block-image size-full"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-4-inbox-rule-created-by-octo-tempest-to-delete-emails-from-vendors.webp" alt="A screenshot of the inbox rule created by Octo Tempest. " class="wp-image-132022 webp-format" srcset="" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-4-inbox-rule-created-by-octo-tempest-to-delete-emails-from-vendors.webp"><figcaption class="wp-element-caption"><em>Figure 4. Inbox rule created by Octo Tempest to delete emails from vendors</em></figcaption></figure>



<h4 class="wp-block-heading">Additional tradecraft and techniques:</h4>



<ul>
<li>Using open-source tooling like <em>privacy.sexy</em> framework to disable security products</li>



<li>Enrolling actor-controlled devices into device management software to bypass controls</li>



<li>Configuring trusted locations in Conditional Access Policies to expand access capabilities</li>



<li>Replaying harvested tokens with satisfied MFA claims to bypass MFA</li>
</ul>



<h3 class="wp-block-heading">Persistence&nbsp;</h3>



<h4 class="wp-block-heading">Sustained intrusion with identities and open-source tools</h4>



<p>Octo Tempest leverages publicly available security tools to establish persistence within victim organizations, largely using account manipulation techniques and implants on hosts. For identity-based persistence, Octo Tempest targets federated identity providers using tools like AADInternals to federate existing domains, or spoof legitimate domains by adding and then federating new domains. The threat actor then abuses this federation to generate forged valid security assertion markup language (SAML) tokens for any user of the target tenant with claims that have MFA satisfied, a technique known as Golden SAML. <a href="https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection">Similar techniques</a> have also been observed using Okta as their source of truth identity provider, leveraging Okta Org2Org functionality to impersonate any desired user account.</p>



<p>To maintain access to endpoints, Octo Tempest installs a wide array of legitimate RMM tools and makes required network modifications to enable access. The usage of reverse shells is seen across Octo Tempest intrusions on both Windows and Linux endpoints. These reverse shells commonly initiate connections to the same attacker infrastructure that deployed the RMM tools.</p>


<figure class="wp-block-image size-full"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-5a.webp" alt="A screenshot of reverse shellcode used by Octo Tempest" class="wp-image-132023 webp-format" srcset="" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-5a.webp"></figure>


<figure class="wp-block-image size-full"><img decoding="async" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-5b.webp" alt="A screenshot of reverse shellcode used by Octo Tempest" class="wp-image-132024 webp-format" srcset="" data-orig-src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/10/Figure-5b.webp"><figcaption class="wp-element-caption">Figure 5. Reverse shellcode used by Octo Tempest</figcaption></figure>



<p>A unique technique Octo Tempest uses is compromising VMware ESXi infrastructure, installing the open-source Linux backdoor Bedevil, and then launching VMware Python scripts to run arbitrary commands against housed virtual machines.</p>



<h4 class="wp-block-heading">Additional tradecraft and techniques:</h4>



<ul>
<li>Usage of open-source tooling: <a href="https://screenconnect.connectwise.com/" target="_blank" rel="noreferrer noopener">ScreenConnect</a>, <a href="https://fleetdeck.io/" target="_blank" rel="noreferrer noopener">FleetDeck</a>, <a href="https://anydesk.com/" target="_blank" rel="noreferrer noopener">AnyDesk</a>, <a href="https://rustdesk.com/" target="_blank" rel="noreferrer noopener">RustDesk</a>, <a href="https://www.splashtop.com/" target="_blank" rel="noreferrer noopener">Splashtop</a>, <a href="https://www.pulseway.com/" target="_blank" rel="noreferrer noopener">Pulseway</a>, <a href="https://www.tightvnc.com/" target="_blank" rel="noreferrer noopener">TightVNC</a>, LummaC2, Level.io, Mesh, <a href="https://github.com/amidaware/tacticalrmm" target="_blank" rel="noreferrer noopener">TacticalRMM</a>, <a href="https://tailscale.com/" target="_blank" rel="noreferrer noopener">Tailscale</a>, <a href="https://ngrok.com/" target="_blank" rel="noreferrer noopener">Ngrok</a>, <a href="https://github.com/erebe/wstunnel" target="_blank" rel="noreferrer noopener">WsTunnel</a>, <a href="https://github.com/b23r0/rsocx" target="_blank" rel="noreferrer noopener">Rsocx</a>, and <a href="https://linux.die.net/man/1/socat" target="_blank" rel="noreferrer noopener">Socat</a></li>



<li>Deployment of Azure virtual machines to enable remote access via RMM installation or modification to existing resources via Azure serial console</li>



<li>Addition of MFA methods to existing users</li>



<li>Usage of the third-party tunneling tool <a href="https://www.twingate.com/" target="_blank" rel="noreferrer noopener">Twingate</a>, which leverages Azure Container instances as a private connector (without public network exposure)</li>
</ul>



<h3 class="wp-block-heading" id="actions">Actions on objectives</h3>



<h4 class="wp-block-heading">Common trifecta: Data theft, extortion, and ransomware</h4>



<p>The goal of Octo Tempest remains financially motivated, but the monetization techniques observed across industries vary between cryptocurrency theft and data exfiltration for extortion and ransomware deployment.</p>



<p>Like in most cyberattacks, data theft largely depends on the data readily available to the threat actor. Octo Tempest accesses data from code repositories, large document management and storage systems, including SharePoint, SQL databases, cloud storage blobs/buckets, and email, using legitimate management clients such as DBeaver, MongoDB Compass, Azure SQL Query Editor, and Cerebrata for the purpose of connection and collection. After data harvesting, the threat actor employs anonymous file-hosting services, including GoFile.io, shz.al, StorjShare, Temp.sh, MegaSync, Paste.ee, Backblaze, and AWS S3 buckets for data exfiltration.</p>



<p>Octo Tempest employs a unique technique using the data movement platform Azure Data Factory and automated pipelines to extract data to external actor hosted Secure File Transfer Protocol (SFTP) servers, aiming to blend in with typical big data operations. Additionally, the threat actor commonly registers legitimate Microsoft 365 backup solutions such as Veeam, AFI Backup, and CommVault to export the contents of SharePoint document libraries and expedite data exfiltration.</p>



<p>Ransomware deployment closely follows data theft objectives. This activity targets both Windows and Unix/Linux endpoints and VMware hypervisors using a variant of ALPHV/BlackCat. Encryption at the hypervisor level has shown significant impact to organizations, making recovery efforts difficult post-encryption.</p>



<p>Octo Tempest frequently communicates with target organizations and their personnel directly after encryption to negotiate or extort the ransom—providing “proof of life” through samples of exfiltrated data. Many of these communications have been leaked publicly, causing significant reputational damage to affected organizations.</p>



<h4 class="wp-block-heading">Additional tradecraft and techniques:</h4>



<ul>
<li>Use of the third-party services like <a href="https://www.fivetran.com/" target="_blank" rel="noreferrer noopener">FiveTran</a> to extract copies of high-value service databases, such as SalesForce and ZenDesk, using API connectors</li>



<li>Exfiltration of mailbox PST files and mail forwarding to external mailboxes</li>
</ul>



<h2 class="wp-block-heading">Recommendations</h2>



<h3 class="wp-block-heading" id="Hunting">Hunting methodology</h3>



<p>Octo Tempest’s utilization of social engineering, living-off-the land techniques, and diverse toolsets could make hunting slightly unorthodox. Following these general guidelines alongside robust deconfliction with legitimate users will surface their activity:</p>



<h4 class="wp-block-heading">Identity</h4>



<ul>
<li>Understand authentication flows in the environment.</li>



<li>Centralize visibility of administrative changes in the environment into a single pane of glass.</li>



<li>Scrutinize all user and sign-in risk detections for any administrator within the timeframe. Common alerts that are surfaced during an Octo Tempest intrusion include (but not limited to): Impossible Travel, Unfamiliar Sign-in Properties, and Anomalous Token</li>



<li>Review the coverage of Conditional Access policies; scrutinize the use of trusted locations and exclusions.</li>



<li>Review all existing and new custom domains in the tenant, and their federation settings.</li>



<li>Scrutinize administrator groups, roles, and privileges for recent modification.</li>



<li>Review recently created Microsoft Entra ID users and registered device identities.</li>



<li>Look for any anomalous pivots into organizational apps that may hold sensitive data, such as Microsoft SharePoint and OneDrive.</li>
</ul>



<h4 class="wp-block-heading">Azure</h4>



<ul>
<li>Leverage and continuously monitor Defender for Cloud for Azure Workloads, providing a wealth of information around unauthorized resource access.</li>



<li>Review Azure role-based access control (RBAC) definitions across the management group, subscription, resource group and resource structure.</li>



<li>Review the public network exposure of resources and revoke any unauthorized modifications.</li>



<li>Review both data plane and management plane access control for all critical workloads such as those that hold credentials and organizational data, like Key Vaults, storage accounts, and database resources.</li>



<li>Tightly control access to identity workloads that issue access organizational resources such as Active Directory Domain Controllers.</li>



<li>Review the Azure Activity log for anomalous modification of resources.</li>
</ul>



<h4 class="wp-block-heading">Endpoints</h4>



<ul>
<li>Look for recent additions to the indicators or exclusions of the EDR solution in place at the organization.</li>



<li>Review any generation of offboarding scripts.</li>



<li>Review access control within security products and EDR software suites.</li>



<li>Scrutinize any tools used to manage endpoints (SCCM, Intune, etc.) and look for recent rule additions, packages, or deployments.</li>



<li>Scrutinize use of remote administration tools across the environment, paying particular attention to recent installations regardless of whether they are used legitimately within the network already.</li>



<li>Ensure monitoring at the network boundary is in place, that alerting is in place for connections with common anonymizing services and scrutinize the use of these services.</li>
</ul>



<h3 class="wp-block-heading" id="Defense">Defending against Octo Tempest activity</h3>



<h4 class="wp-block-heading">Align privilege in Microsoft Entra ID and Azure</h4>



<p>Privileges spanning Microsoft Entra ID and Azure need to be holistically aligned, with purposeful design decisions to prevent unauthorized access to critical workloads. Reducing the number of users with permanently assigned critical roles is paramount to achieving this. Segregation of privilege between on-premises and cloud is also necessary to sever the ability to pivot within the environment.</p>



<p>It is highly recommended to implement Microsoft Entra Privileged Identity Management (PIM) as a central location for the management of both Microsoft Entra ID roles and Azure RBAC. For all critical roles, at minimum:</p>



<ul>
<li>Implement role assignments as eligible rather than permanent.</li>



<li>Review and understand the role definition Actions and NotActions – ensure to select only the roles with actions that the user requires to do their role (least privileged access).</li>



<li>Configure these roles to be time-bound, deactivating after a specific timeframe.</li>



<li>Require users to perform MFA to elevate to the role.</li>



<li>Optionally require users to provide justification or a ticket number upon elevation.</li>



<li>Enable notifications for privileged role elevation to a subset of administrators.</li>



<li>Utilize PIM Access Reviews to reduce standing access in the organization on a periodic basis.</li>
</ul>



<p>Every organization is different and, therefore, roles will be classified differently in terms of their criticality. Consider the scope of impact those roles may have on downstream resources, services, or identities in the event of compromise. For help desk administrators specifically, ensure to scope privilege to exclude administrative operations over Global Administrators. Consider implementing segregation strategies such as Microsoft Entra ID Administrative Units to segment administrative access over the tenant. For identities that leverage cross-service roles such as those that service the Microsoft Security Stack, consider implementing additional service-based granular access control to restrict the use of sensitive functionality, like Live Response and modification of IOC allow lists.</p>



<h4 class="wp-block-heading">Segment Azure landing zones</h4>



<p>For organizations yet to begin or are early in their modernization journey, end-to-end guidance for cloud adoption is available through the <a href="https://learn.microsoft.com/azure/cloud-adoption-framework/get-started/">Microsoft Azure Cloud Adoption Framework</a>. Recommended practice and security are central pillars—Azure workloads are segregated into separate, tightly restricted areas known as landing zones. When deploying Active Directory in the cloud, it is advised to create a platform landing zone for identity—a dedicated subscription to hold all Identity-related resources such as Domain Controller VM resources. Employ least privilege across this landing zone with the aforementioned privilege and PIM guidance for Azure RBAC.</p>



<h4 class="wp-block-heading">Implement Conditional Access policies and authentication methods</h4>



<p>TTPs outlined in this blog leverage strategies to evade multifactor authentication defenses. However, it is still strongly recommended to practice basic security hygiene by implementing a baseline set of Conditional Access policies:</p>



<ul>
<li>Require multifactor authentication for all privileged roles with the use of authentication strengths to enforce phish-resistant MFA methods such as FIDO2 security keys</li>



<li><a href="https://learn.microsoft.com/entra/identity/conditional-access/how-to-policy-phish-resistant-admin-mfa">Require phishing-resistant multifactor authentication for administrators</a></li>



<li>Enforce MFA registration from trusted locations from a device that also meets organizational requirements with Intune device compliance policies</li>



<li>User and sign-in risk policies for signals associated to Microsoft Entra ID Protection</li>
</ul>



<p>Organizations are recommended to keep their policies as simple as possible. Implementing complex policies might inhibit the ability to respond to threats at a rapid pace or allow threat actors to leverage misconfigurations within the environment.</p>



<h4 class="wp-block-heading">Develop and maintain a user education strategy</h4>



<p>An organization’s ability to protect itself against cyberattacks is only as strong as its people—it is imperative to put in place an end-to-end cybersecurity strategy highlighting the importance of ongoing user education and awareness. Targeted education and periodic security awareness campaigns around common cyber threats and attack vectors such as phishing and social engineering not only for users that hold administrative privilege in the organization, but the wider user base is crucial. A well-maintained incident response plan should be developed and refined to enable organizations to respond to unexpected cybersecurity events and rapidly regain positive control.</p>



<h4 class="wp-block-heading">Use out-of-band communication channels</h4>



<p>Octo Tempest has been observed joining, recording, and transcribing calls using tools such as <a href="https://otter.ai/" target="_blank" rel="noreferrer noopener">OtterAI</a>, and sending messages via Slack, Zoom, and Microsoft Teams, taunting and threatening targets, organizations, defenders, and gaining insights into incident response operations/planning. Using out-of-band communication channels is strongly encouraged when dealing with this threat actor.</p>



<h2 class="wp-block-heading">Detections</h2>



<h3 class="wp-block-heading">Microsoft 365 Defender</h3>



<blockquote class="wp-block-quote blockquote">
<p>Microsoft 365 Defender is becoming Microsoft Defender XDR. <a href="https://aka.ms/xdrignite2023">Learn more</a>.</p>
</blockquote>



<p>NOTE: Several tools mentioned throughout this blog are remote administrator tools that have been utilized by Octo Tempest to maintain persistence. While these tools are abused by threat actors, they can have legitimate use cases by normal users, and are updated on a frequent basis. Microsoft recommends monitoring their use within the environment, and when they are identified, defenders take the necessary steps for deconfliction to verify their use.</p>



<h4 class="wp-block-heading">Microsoft Defender Antivirus</h4>



<p>Microsoft Defender Antivirus detects this threat as the following malware:</p>



<ul>
<li><a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win32/Mimikatz&amp;ocid=magicti_ta_ency">HackTool:Win32/Mimikatz</a></li>



<li><a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool:Win64/Mimikatz&amp;threatId=-2147280206&amp;ocid=magicti_ta_ency">HackTool:Win64/Mimikatz</a></li>



<li><a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior%3AWin32/BlackCatExec.A&amp;threatId=-2147156598?ocid=magicti_ta_ency">Behavior:Win32/BlackCatExec</a></li>



<li><a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom%3AWin32/Blackcat&amp;threatId=-2147158032?ocid=magicti_ta_encycy">Ransom:Win32/Blackcat</a></li>



<li><a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom%3ALinux/BlackCat.A!MTB&amp;threatId=-2147158921?ocid=magicti_ta_encyc">Ransom:Linux/BlackCat</a></li>



<li><a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior%3AWin32/BlackCat.MK&amp;threatId=-2147154344?ocid=magicti_ta_ency">Behavior:Win32/BlackCat</a></li>



<li><a href="https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom%3AWin64/BlackCat!MSR&amp;threatId=-2147149910?ocid=magicti_ta_ency">Ransom:Win64/BlackCat</a></li>
</ul>



<p>Turning on <a href="https://learn.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection">tamper protection</a>, which is part of <a href="https://learn.microsoft.com/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection">built-in protection</a>, prevents attackers from stopping security services.</p>



<h4 class="wp-block-heading">Microsoft Defender for Endpoint</h4>



<p>The following Microsoft Defender for Endpoint alerts can indicate associated threat activity:</p>



<ul>
<li>Octo Tempest activity group</li>
</ul>



<p>The following alerts might also indicate threat activity related to this threat. Note, however, that these alerts can also be triggered by unrelated threat activity.</p>



<ul>
<li>Suspicious usage of remote management software</li>



<li>Mimikatz credential theft tool</li>



<li>BlackCat ransomware</li>



<li>Activity linked to BlackCat ransomware</li>



<li>Tampering activity typical to ransomware attacks</li>



<li>Possible hands-on-keyboard pre-ransom activity</li>
</ul>



<h4 class="wp-block-heading">Microsoft Defender for Cloud Apps</h4>



<p>Using Microsoft Defender for Cloud Apps&nbsp;<a href="https://learn.microsoft.com/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps?ocid=magicti_ta_learndoc">connectors</a>, Microsoft 365 Defender raises AitM-related alerts in multiple scenarios. For Microsoft Entra ID customers using Microsoft Edge, attempts by attackers to replay session cookies to access cloud applications are detected by Microsoft 365 Defender through Defender for Cloud Apps connectors for <a href="https://learn.microsoft.com/defender-cloud-apps/connect-office-365?ocid=magicti_ta_learndoc">Microsoft&nbsp;Office 365</a>&nbsp;and&nbsp;<a href="https://learn.microsoft.com/defender-cloud-apps/connect-azure?ocid=magicti_ta_learndoc">Azure</a>. In such scenarios, Microsoft 365 Defender raises the following alerts:</p>



<ul>
<li>Backdoor creation using AADInternals tool</li>



<li>Suspicious domain added to Microsoft Entra ID</li>



<li>Suspicious domain trust modification following risky sign-in</li>



<li>User compromised via a known AitM phishing kit</li>



<li>User compromised in AiTM phishing attack</li>



<li>Suspicious email deletion activity</li>
</ul>



<p>Similarly, the connector for <a href="https://learn.microsoft.com/defender-cloud-apps/connect-okta">Okta</a> raises the following alerts:</p>



<ul>
<li>Suspicious Okta account enumeration</li>



<li>Possible AiTM phishing attempt in Okta</li>
</ul>



<h4 class="wp-block-heading">Microsoft Defender for Identity</h4>



<p>Microsoft Defender for Identity raises the following alerts for TTPs used by Octo Tempest such as NTDS stealing and Active Directory reconnaissance:</p>



<ul>
<li>Account enumeration reconnaissance</li>



<li>Network-mapping reconnaissance (DNS)</li>



<li>User and IP address reconnaissance (SMB)</li>



<li>User and Group membership reconnaissance (SAMR)</li>



<li>Suspected DCSync attack (replication of directory services)</li>



<li>Suspected AD FS DKM key read</li>



<li>Data exfiltration over SMB</li>
</ul>



<h3 class="wp-block-heading">Microsoft Defender for Cloud</h3>



<p>The following Microsoft Defender for Cloud alerts relate to TTPs used by Octo Tempest. Note, however, that these alerts can also be triggered by unrelated threat activity.</p>



<ul>
<li>MicroBurst exploitation toolkit used to enumerate resources in your subscriptions</li>



<li>MicroBurst exploitation toolkit used to execute code on your virtual machine</li>



<li>MicroBurst exploitation toolkit used to extract keys from your Azure key vaults</li>



<li>MicroBurst exploitation toolkit used to extract keys to your storage accounts</li>



<li>Suspicious Azure role assignment detected</li>



<li>Suspicious elevate access operation (Preview)</li>



<li>Suspicious invocation of a high-risk &#8216;Initial Access&#8217; operation detected (Preview)</li>



<li>Suspicious invocation of a high-risk &#8216;Credential Access&#8217; operation detected (Preview)</li>



<li>Suspicious invocation of a high-risk &#8216;Data Collection&#8217; operation detected (Preview)</li>



<li>Suspicious invocation of a high-risk &#8216;Execution&#8217; operation detected (Preview)</li>



<li>Suspicious invocation of a high-risk &#8216;Impact&#8217; operation detected (Preview)</li>



<li>Suspicious invocation of a high-risk &#8216;Lateral Movement&#8217; operation detected (Preview)</li>



<li>Unusual user password reset in your virtual machine</li>



<li>Suspicious usage of VMAccess extension was detected on your virtual machines (Preview)</li>



<li>Suspicious usage of multiple monitoring or data collection extensions was detected on your virtual machines (Preview)</li>



<li>Run Command with a suspicious script was detected on your virtual machine (Preview)</li>



<li>Suspicious Run Command usage was detected on your virtual machine (Preview)</li>



<li>Suspicious unauthorized Run Command usage was detected on your virtual machine (Preview)</li>
</ul>



<h3 class="wp-block-heading">Microsoft Sentinel</h3>



<p>Microsoft Sentinel customers can use the following Microsoft Sentinel Analytics template to identify potential AitM phishing attempts:</p>



<ul>
<li>Possible AitM Phishing Attempt Against Azure AD</li>
</ul>



<p>This detection uses signals from Microsoft Entra ID Identity Protection and looks for successful sign-ins that have been flagged as high risk. It combines this with data from web proxy services, such as ZScaler, to identify where users might have connected to the source of those sign-ins immediately prior. This can indicate a user interacting with an AitM phishing site and having their session hijacked. This detection uses the Advanced Security Information Model (ASIM) Web Session schema. Refer to this&nbsp;<a href="https://learn.microsoft.com/azure/sentinel/normalization-schema-web?ocid=magicti_ta_learndoc">article</a>&nbsp;for more details on the schema and its requirements.&nbsp;</p>



<h2 class="wp-block-heading">Threat intelligence reports</h2>



<p>Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection info, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.</p>



<h3 class="wp-block-heading">Microsoft Defender Threat Intelligence</h3>



<ul>
<li><a href="https://ti.defender.microsoft.com/intel-profiles/205381037ed05d275251862061dd923309ac9ecdc2a9951d7c344d890a61101a/description">Octo Tempest</a></li>



<li><a href="https://ti.defender.microsoft.com/articles/d2d50348">Octo Tempest uses social engineering and AADInternals to compromise cloud identities</a></li>
</ul>



<h3 class="wp-block-heading">Microsoft 365 Defender Threat analytics &nbsp;</h3>



<ul>
<li><a href="https://security.microsoft.com/threatanalytics3/4f60801d-912e-4bcb-91b2-f46879c8a718/analystreport?">Actor profile: Octo Tempest</a></li>



<li><a href="https://security.microsoft.com/threatanalytics3/9443b3fc-9e7e-48cc-a869-5cdb0aeec344/analystreport?">Threat insights: Octo Tempest uses social engineering and AADInternals to compromise cloud identities</a></li>
</ul>



<h2 class="wp-block-heading">Hunting queries</h2>



<h3 class="wp-block-heading">Microsoft Sentinel</h3>



<p>Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the <a href="https://learn.microsoft.com/azure/sentinel/sentinel-solutions-deploy">Microsoft Sentinel Content Hub</a> to have the analytics rule deployed in their Sentinel workspace.</p>



<p>Microsoft Sentinel also has a range of detection and threat hunting content that customers can use to detect the post exploitation activity detailed in this blog in addition to Microsoft 365 Defender detections list above.</p>



<ul>
<li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Azure%20Active%20Directory/Analytic%20Rules/SuspiciousSignInFollowedByMFAModification.yaml">Suspicious sign-in followed by MFA modification</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/AuditLogs/AccountMFAModifications.yaml">Account MFA modifications</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Solutions/Okta%20Single%20Sign-On/Analytic%20Rules/PhishingDetection.yaml#L4">Okta SSO phishing detection</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Solutions/Okta%20Single%20Sign-On/Hunting%20Queries/RareMFAOperation.yaml#L2">Okta rare MFA operations</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Solutions/Okta%20Single%20Sign-On/Hunting%20Queries/LoginFromMultipleLocations.yaml#L2">Okta login from different locations</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Solutions/Okta%20Single%20Sign-On/Hunting%20Queries/UserPasswordReset.yaml#L2">Okta user password reset</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries/sharepoint_downloads.yaml">SharePointFileOperation via clientIP with previously unseen user agents</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Analytic%20Rules/SharePoint_Downloads_byNewUserAgent.yaml">SharePointFileOperation via devices with previously unseen user agents</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Microsoft%20365/Hunting%20Queries/new_sharepoint_downloads_by_IP.yaml">SharePointFileOperation via previously unseen IPs of risky ASN’s</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Solutions/Microsoft%20365/Analytic%20Rules/SharePoint_Downloads_byNewIP.yaml#L4">SharePointFileOperation via previously unseen IPs</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Solutions/UEBA%20Essentials/Hunting%20Queries/Anomalous%20AAD%20Account%20Manipulation.yaml#L2">Anomalous AAD account manipulation</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cloud%20Identity%20Threat%20Protection%20Essentials/Analytic%20Rules/NewExtUserGrantedAdmin.yaml">New external user granted admin</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Hunting%20Queries/MultipleDataSources/AnomolousSignInsBasedonTime.yaml#L18">Anomolous sign-ins based on time</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/b38422b9d207a637e816381accd7312195e581b9/Solutions/UEBA%20Essentials/Hunting%20Queries/newAccountAddedToAdminGroup.yaml#L15">New account added to admin group</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/db0cb723381b4f7568ae613a75f493e2a4b3cc52/Solutions/Azure%20Active%20Directory/Analytic%20Rules/AuthenticationMethodsChangedforPrivilegedAccount.yaml#L21">Authentication methods changed for privileged account</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/db0cb723381b4f7568ae613a75f493e2a4b3cc52/Detections/AzureActivity/RareRunCommandPowerShellScript.yaml#L73">Rare run command PowerShell script</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/db0cb723381b4f7568ae613a75f493e2a4b3cc52/Solutions/Azure%20Activity/Hunting%20Queries/AzureNSG_AdministrativeOperations.yaml#L4">Azure NSG administrative operations</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/db0cb723381b4f7568ae613a75f493e2a4b3cc52/Solutions/Azure%20Activity/Analytic%20Rules/RareOperations.yaml#L4">Rare operations of create and update of snapshots</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Attacker%20Tools%20Threat%20Protection%20Essentials/Analytic%20Rules/AdFind_Usage.yaml">AdFind usage</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/6580195bf9f5ce308b322edfc685b293ea5bfd1b/Solutions/Azure%20Activity/Hunting%20Queries/Anomalous_Listing_Of_Storage_Keys.yaml#L6">Anomalous listing of storage keys</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/6580195bf9f5ce308b322edfc685b293ea5bfd1b/Hunting%20Queries/MultipleDataSources/StorageAccountKeyEnumerationWithSigninandAuditlogs.yaml#L2">Storage account key enumeration</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/6580195bf9f5ce308b322edfc685b293ea5bfd1b/Solutions/Endpoint%20Threat%20Protection%20Essentials/Hunting%20Queries/PotentialMicrosoftSecurityServicesTampering.yaml#L4">Potential Microsoft Security services tampering</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/6580195bf9f5ce308b322edfc685b293ea5bfd1b/Hunting%20Queries/Microsoft%20365%20Defender/Defense%20evasion/PotentialMicrosoftDefenderTampering%5BSolarigate%5D.yaml#L2">Potential Microsoft Defender tampering</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/6580195bf9f5ce308b322edfc685b293ea5bfd1b/Solutions/Microsoft%20365/Hunting%20Queries/OfficeMailForwarding_hunting.yaml#L2">Office mail forwarding</a></li>



<li><a href="https://github.com/Azure/Azure-Sentinel/blob/6580195bf9f5ce308b322edfc685b293ea5bfd1b/Detections/OfficeActivity/NRT_Office_MailForwarding.yaml#L4">Multiple users Office mail forwarding</a></li>
</ul>



<h2 class="wp-block-heading">Further reading</h2>



<p>Listen to Microsoft experts discuss Octo Tempest TTPs and activities on <a href="https://thecyberwire.com/podcasts/microsoft-threat-intelligence/5/notes" target="_blank" rel="noreferrer noopener">The Microsoft Threat Intelligence Podcast</a>.</p>



<p>Visit this page for <a href="https://www.microsoft.com/en-us/security/blog/author/detection-and-response-team-dart/">more blogs from Microsoft Incident Response</a>.</p>



<p>For more security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog:&nbsp;<a href="https://aka.ms/threatintelblog">https://aka.ms/threatintelblog</a>.</p>



<p>To get notified about new publications and to join discussions on social media, follow us on X (formerly Twitter) at&nbsp;<a href="https://twitter.com/MsftSecIntel" target="_blank" rel="noreferrer noopener">https://twitter.com/MsftSecIntel</a>.</p>



<p></p>



<p></p>



<p><strong>November 1, 2023 update:</strong> Updated the <a href="#actions">Actions of objectives</a> section to fix the list of anonymous file-hosting services used by Octo Tempest for data exfiltration, which incorrectly listed Sh.Azl. It has been corrected to shz.al.</p>



<p></p>
			</div>

							<section class="single__related pb-5" data-bi-an="Related Articles">
					<div class="container">
						<h2 class="single__related-heading">
							Related Posts						</h2>
						<ul class="single__related-posts list-unstyled row row-cols-1 row-cols-sm-2 row-cols-lg-4">
							<li class="col d-flex">
	<article id="post-130433" class="card material-card post-130433 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-threat-intelligence products-microsoft-defender products-microsoft-defender-for-cloud-apps products-microsoft-defender-for-endpoint products-microsoft-defender-for-office-365 products-microsoft-defender-xdr products-microsoft-entra products-microsoft-entra-id products-microsoft-sentinel threat-intelligence-attacker-techniques-tools-and-infrastructure threat-intelligence-business-email-compromise threat-intelligence-cloud-threats threat-intelligence-cybercrime threat-intelligence-social-engineering-phishing threat-intelligence-threat-actors tag-adversary-in-the-middle tag-storm tag-token-theft">

			<div class="card__image card-img card__image--moray-material-card ">
			<a data-bi-cn="Detecting and mitigating a multi-stage AiTM phishing and BEC campaign" data-bi-id="130433" data-bi-ct="image link" href="https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/" aria-label="Read more about: Detecting and mitigating a multi-stage AiTM phishing and BEC campaign">
				<div class="embed-responsive embed-responsive-16by9">
					<img width="336" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/06/Featured-image-AiTM-BEC-DEX-1-336x189.jpg" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="a man sitting at a table using a laptop computer" loading="lazy" />				</div>
			</a>
		</div>
	
	<div class="card__content card-body p-4">
		<div class="card__meta mb-g d-flex flex-wrap align-items-baseline">
							<div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto small" data-bi-an="post-categories">
					<ul class="list-unstyled d-flex flex-wrap m-0">
													<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-cn="Research" data-bi-ct="cta link">
									Research								</a>
							</li>
														<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-cn="Threat intelligence" data-bi-ct="cta link">
									Threat intelligence								</a>
							</li>
														<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender/" data-bi-cn="Microsoft Defender" data-bi-ct="cta link">
									Microsoft Defender								</a>
							</li>
														<li class="">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/business-email-compromise/" data-bi-cn="Business email compromise" data-bi-ct="cta link">
									Business email compromise								</a>
							</li>
											</ul></div> 						<div class="card__meta-group d-inline-flex">
				<div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small">
					<span class="sr-only">Published</span> Jun 8				</div>
									<div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small">
						12 min read					</div>
							</div>
		</div>

		<h2 class="m-0 mb-g mb-lg-3 h5 text-body">
			<a class="cta" data-bi-cn="Detecting and mitigating a multi-stage AiTM phishing and BEC campaign" data-bi-id="130433" data-bi-ct="title link" data-bi-tn="search-result-card" href="https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/">
				<span>Detecting and mitigating a multi-stage AiTM phishing and BEC campaign</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span>
			</a>
		</h2>
		<p class="text-neutral-800">
			Microsoft Defender Experts observed a multi-stage adversary-in-the-middle (AiTM) and business email compromise (BEC) attack targeting banking and financial services organizations over two days. This attack originated from a compromised trusted vendor, involved AiTM and BEC attacks across multiple supplier/partner organizations for financial fraud, and did not use a reverse proxy like typical AiTM attacks.		</p>
	</div>

</article>
</li>

<li class="col d-flex">
	<article id="post-113472" class="card material-card post-113472 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-threat-intelligence threat-intelligence-ransomware tag-credential-theft tag-elevation-of-privilege tag-extortion tag-iced-id tag-lockbit tag-log4j tag-ransomware-as-a-service tag-trickbot">

			<div class="card__image card-img card__image--moray-material-card ">
			<a data-bi-cn="Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself" data-bi-id="113472" data-bi-ct="image link" href="https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/" aria-label="Read more about: Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself">
				<div class="embed-responsive embed-responsive-16by9">
					<img width="284" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2022/05/CLO22_SecOps_009.jpg" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="" loading="lazy" />				</div>
			</a>
		</div>
	
	<div class="card__content card-body p-4">
		<div class="card__meta mb-g d-flex flex-wrap align-items-baseline">
							<div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto small" data-bi-an="post-categories">
					<ul class="list-unstyled d-flex flex-wrap m-0">
													<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-cn="Research" data-bi-ct="cta link">
									Research								</a>
							</li>
														<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-cn="Threat intelligence" data-bi-ct="cta link">
									Threat intelligence								</a>
							</li>
														<li class="">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/ransomware/" data-bi-cn="Ransomware" data-bi-ct="cta link">
									Ransomware								</a>
							</li>
											</ul></div> 						<div class="card__meta-group d-inline-flex">
				<div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small">
					<span class="sr-only">Published</span> May 9				</div>
									<div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small">
						37 min read					</div>
							</div>
		</div>

		<h2 class="m-0 mb-g mb-lg-3 h5 text-body">
			<a class="cta" data-bi-cn="Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself" data-bi-id="113472" data-bi-ct="title link" data-bi-tn="search-result-card" href="https://www.microsoft.com/en-us/security/blog/2022/05/09/ransomware-as-a-service-understanding-the-cybercrime-gig-economy-and-how-to-protect-yourself/">
				<span>Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span>
			</a>
		</h2>
		<p class="text-neutral-800">
			Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware as a service (RaaS) affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.		</p>
	</div>

</article>
</li>

<li class="col d-flex">
	<article id="post-115803" class="card material-card post-115803 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-threat-intelligence threat-intelligence-ransomware tag-credential-theft tag-extortion tag-linux tag-lockbit tag-tempest">

			<div class="card__image card-img card__image--moray-material-card ">
			<a data-bi-cn="The many lives of BlackCat ransomware" data-bi-id="115803" data-bi-ct="image link" href="https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/" aria-label="Read more about: The many lives of BlackCat ransomware">
				<div class="embed-responsive embed-responsive-16by9">
					<img width="284" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2022/06/blackcat-featured-image.jpg" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="CISO (chief information security officer) collaborating in a security operations center." loading="lazy" />				</div>
			</a>
		</div>
	
	<div class="card__content card-body p-4">
		<div class="card__meta mb-g d-flex flex-wrap align-items-baseline">
							<div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto small" data-bi-an="post-categories">
					<ul class="list-unstyled d-flex flex-wrap m-0">
													<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-cn="Research" data-bi-ct="cta link">
									Research								</a>
							</li>
														<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-cn="Threat intelligence" data-bi-ct="cta link">
									Threat intelligence								</a>
							</li>
														<li class="">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/ransomware/" data-bi-cn="Ransomware" data-bi-ct="cta link">
									Ransomware								</a>
							</li>
											</ul></div> 						<div class="card__meta-group d-inline-flex">
				<div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small">
					<span class="sr-only">Published</span> Jun 13				</div>
									<div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small">
						15 min read					</div>
							</div>
		</div>

		<h2 class="m-0 mb-g mb-lg-3 h5 text-body">
			<a class="cta" data-bi-cn="The many lives of BlackCat ransomware" data-bi-id="115803" data-bi-ct="title link" data-bi-tn="search-result-card" href="https://www.microsoft.com/en-us/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/">
				<span>The many lives of BlackCat ransomware</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span>
			</a>
		</h2>
		<p class="text-neutral-800">
			The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.		</p>
	</div>

</article>
</li>

<li class="col d-flex">
	<article id="post-132748" class="card material-card post-132748 post type-post status-publish format-standard has-post-thumbnail hentry content-type-research topic-threat-intelligence products-microsoft-defender products-microsoft-defender-for-cloud products-microsoft-defender-for-cloud-apps products-microsoft-defender-for-office-365 products-microsoft-defender-xdr products-microsoft-entra products-microsoft-entra-id-protection products-microsoft-sentinel threat-intelligence-business-email-compromise threat-intelligence-cloud-threats threat-intelligence-cybercrime threat-intelligence-social-engineering-phishing tag-credential-theft tag-cryptocurrency-mining tag-storm tag-token-theft review-flag-1694638265-576 review-flag-1694638271-781 review-flag-1-1694638265-354 review-flag-2-1694638266-864 review-flag-3-1694638266-241 review-flag-4-1694638266-512 review-flag-5-1694638266-171 review-flag-6-1694638266-691 review-flag-7-1694638266-851 review-flag-9-1694638266-118 review-flag-anywh-1694638264-237 review-flag-lever-1694638263-909 review-flag-new-1694638263-340 review-flag-usd-1694638271-92 review-flag-vm-1694638271-244">

			<div class="card__image card-img card__image--moray-material-card ">
			<a data-bi-cn="Threat actors misuse OAuth applications to automate financially driven attacks" data-bi-id="132748" data-bi-ct="image link" href="https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/" aria-label="Read more about: Threat actors misuse OAuth applications to automate financially driven attacks">
				<div class="embed-responsive embed-responsive-16by9">
					<img width="336" height="189" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2023/12/MSC16_slalom_014-336x189.jpg" class="card-img embed-responsive-item img-object-cover wp-post-image" alt="Two male engineers sitting in front of a computer screen." loading="lazy" />				</div>
			</a>
		</div>
	
	<div class="card__content card-body p-4">
		<div class="card__meta mb-g d-flex flex-wrap align-items-baseline">
							<div class="card__categories d-inline-flex align-items-center w-100 w-sm-auto small" data-bi-an="post-categories">
					<ul class="list-unstyled d-flex flex-wrap m-0">
													<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/content-type/research/" data-bi-cn="Research" data-bi-ct="cta link">
									Research								</a>
							</li>
														<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/topic/threat-intelligence/" data-bi-cn="Threat intelligence" data-bi-ct="cta link">
									Threat intelligence								</a>
							</li>
														<li class="mr-2">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/products/microsoft-defender/" data-bi-cn="Microsoft Defender" data-bi-ct="cta link">
									Microsoft Defender								</a>
							</li>
														<li class="">
								<a class="font-weight-bold small" href="https://www.microsoft.com/en-us/security/blog/threat-intelligence/cybercrime/" data-bi-cn="Cybercrime" data-bi-ct="cta link">
									Cybercrime								</a>
							</li>
											</ul></div> 						<div class="card__meta-group d-inline-flex">
				<div class="card__date d-sm-inline-flex align-items-center w-sm-auto font-weight-bold small">
					<span class="sr-only">Published</span> Dec 12				</div>
									<div class="card__read-time d-sm-inline-flex align-items-center font-weight-bold small">
						16 min read					</div>
							</div>
		</div>

		<h2 class="m-0 mb-g mb-lg-3 h5 text-body">
			<a class="cta" data-bi-cn="Threat actors misuse OAuth applications to automate financially driven attacks" data-bi-id="132748" data-bi-ct="title link" data-bi-tn="search-result-card" href="https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/">
				<span>Threat actors misuse OAuth applications to automate financially driven attacks</span>&nbsp;<span class="glyph-prepend glyph-prepend-small glyph-prepend-chevron-right" aria-hidden="true"></span>
			</a>
		</h2>
		<p class="text-neutral-800">
			Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks. 		</p>
	</div>

</article>
</li>

						</ul>
					</div>
				</section>
			
		</main>

	




<footer>
	<div class="container">
		<section class="pt-5">
	<div class="card-offset mx-ng mx-md-0">
		<div class="row no-gutters material-surface material-color-brand-dark">
			<div class="d-flex col-md">
				<div class="card-body align-self-center">
					<h2>Get started with Microsoft Security</h2>

					<div class="mb-3">
						<p>Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place.</p>
					</div>

										<div class="link-group">
						<a
							data-bi-cn="Learn more"
							data-bi-ct="cta link"
							href="https://www.microsoft.com/en-us/security?wt.mc_id=AID730391_QSG_BLOG_319247&#038;ocid=AID730391_QSG_BLOG_319247"
							class="btn btn-inverted-primary text-black"
						>
							Learn more						</a>
					</div>
									</div>
			</div>
			<div class="col-md-6">
									<div class="card-img rounded-top-right">
						<picture>
							<img width="900" height="360" src="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360.png" class="embed-responsive-item img-object-cover" alt="Banner that reads &quot;protect it all with Microsoft Security&quot;" decoding="async" loading="lazy" srcset="https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360.png 900w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360-300x120.png 300w, https://www.microsoft.com/en-us/security/blog/wp-content/uploads/2021/06/Security_Blog-banner_900x360-768x307.png 768w" sizes="(max-width: 900px) 100vw, 900px" />						</picture>
					</div>
							</div>
		</div>
	</div>
</section>
		
<section class="footer-social py-4 text-center" role="region" aria-label="social media links" data-bi-an="Global CTA Social">
	<h2 class="base font-weight-normal align-middle mr-3 mt-0 mb-3 mb-sm-0 d-sm-inline">
		Connect with us on social	</h2>

	<ul class="list-inline mb-0 d-inline-flex align-middle">
					<li class="list-inline-item mr-3">
				<a
					class="d-flex text-body"
					aria-label="Follow on X"
					data-bi-cn="Follow on X"
					href="https://twitter.com/msftsecurity"
					target="_blank"
				>
						<span  class="svg" aria-hidden="true">
		<svg width="29" height="29" viewBox="0 0 29 29" fill="none" xmlns="http://www.w3.org/2000/svg"><g><path d="M17.259 12.273 28.055 0h-2.558l-9.375 10.657L8.635 0H0l11.322 16.115L0 28.985h2.558l9.9-11.254 7.907 11.254H29L17.258 12.273Zm-3.504 3.984-1.147-1.605L3.48 1.884h3.93l7.366 10.304 1.147 1.605 9.575 13.394h-3.93l-7.813-10.93Z" fill="currentColor" /></g><defs><path fill="currentColor" d="M0 0h29v29H0z" /></defs></svg>	</span>
					</a>
			</li>
							<li class="list-inline-item mr-3">
				<a
					aria-label="Follow on YouTube"
					data-bi-cn="Follow on YouTube"
					href="https://www.youtube.com/channel/UC4s3tv0Qq_OSUBfR735Jc6A"
					target="_blank"
				>
						<span  class="svg" aria-hidden="true">
		<svg width="42" height="29" viewBox="0 0 42 29" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" d="M39.253 2.206a5.196 5.196 0 0 1 1.35 2.325c.846 3.23.863 9.976.863 9.976s0 6.745-.863 9.976a5.196 5.196 0 0 1-3.681 3.65C33.69 29 20.726 29 20.726 29s-12.961 0-16.192-.853A5.19 5.19 0 0 1 .87 24.483c-.867-3.231-.867-9.976-.867-9.976s0-6.745.867-9.976A5.19 5.19 0 0 1 4.534.867C7.762 0 20.726 0 20.726 0s12.962 0 16.196.867a5.196 5.196 0 0 1 2.331 1.339Zm-11.901 12.3L16.58 20.724V8.291l10.77 6.216Z" fill="red" /></svg>	</span>
					</a>
			</li>
							<li class="list-inline-item mr-3">
				<a
					class="d-flex"
					aria-label="Follow on LinkedIn"
					data-bi-cn="Follow on LinkedIn"
					href="https://www.linkedin.com/showcase/microsoft-security/"
					target="_blank"
				>
						<span  class="svg" aria-hidden="true">
		<svg width="30" height="29" viewBox="0 0 30 29" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M25.011 24.711h-4.203v-6.744c0-1.59-.047-3.66-2.172-3.66-2.172 0-2.55 1.734-2.55 3.564v6.84h-4.203V10.886h4.014v1.879h.047a4.31 4.31 0 0 1 4.014-2.216c4.25 0 5.053 2.89 5.053 6.6v7.562ZM7.114 9.008c-1.37 0-2.456-1.108-2.456-2.505 0-1.397 1.087-2.505 2.456-2.505 1.37 0 2.455 1.108 2.455 2.505 0 1.397-1.086 2.505-2.455 2.505ZM9.239 24.71h-4.25V10.886h4.203v13.825h.047ZM27.136 0H2.864A2.076 2.076 0 0 0 .786 2.071v24.856c0 1.156.945 2.12 2.078 2.071h24.225c1.133 0 2.078-.915 2.125-2.071V2.071A2.076 2.076 0 0 0 27.136 0Z" fill="#0A66C1" /></svg>	</span>
					</a>
			</li>
			</ul>
</section>
	</div>
</footer>


<div id="footerArea" class="uhf"  data-m='{"cN":"footerArea","cT":"Area_coreuiArea","id":"a2Body","sN":2,"aN":"Body"}'>
                <div id="footerRegion"      data-region-key="footerregion" data-m='{"cN":"footerRegion","cT":"Region_coreui-region","id":"r1a2","sN":1,"aN":"a2"}' >

    <div  id="footerUniversalFooter" data-m='{"cN":"footerUniversalFooter","cT":"Module_coreui-universalfooter","id":"m1r1a2","sN":1,"aN":"r1a2"}'  data-module-id="Category|footerRegion|coreui-region|footerUniversalFooter|coreui-universalfooter">
        



<footer id="uhf-footer" class="c-uhff context-uhf"  data-uhf-mscc-rq="false" data-footer-footprint="/MSSecurity/MSSecurityFooter, fromService: True" data-m='{"cN":"Uhf footer_cont","cT":"Container","id":"c1m1r1a2","sN":1,"aN":"m1r1a2"}'>
        <nav class="c-uhff-nav" aria-label="Footer Resource links" data-m='{"cN":"Footer nav_cont","cT":"Container","id":"c1c1m1r1a2","sN":1,"aN":"c1m1r1a2"}'>
            
                <div class="c-uhff-nav-row">
                    <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn1_cont","cT":"Container","id":"c1c1c1m1r1a2","sN":1,"aN":"c1c1m1r1a2"}'>
                        <div class="c-heading-4" role="heading" aria-level="2">What&#39;s new</div>
                        <ul class="c-list f-bare">
                            <li>
                                <a aria-label="Surface Laptop Studio 2 What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/d/Surface-Laptop-Studio-2/8rqr54krf1dz" data-m='{"cN":"Footer_WhatsNew_SurfaceLaptopStudio2_nav","id":"n1c1c1c1m1r1a2","sN":1,"aN":"c1c1c1m1r1a2"}'>Surface Laptop Studio 2</a>
                            </li>
                            <li>
                                <a aria-label="Surface Laptop Go 3 What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/d/Surface-Laptop-Go-3/8p0wwgj6c6l2" data-m='{"cN":"Footer_WhatsNew_SurfaceLaptopGo3_nav","id":"n2c1c1c1m1r1a2","sN":2,"aN":"c1c1c1m1r1a2"}'>Surface Laptop Go 3</a>
                            </li>
                            <li>
                                <a aria-label="Surface Pro 9 What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/d/surface-pro-9/93VKD8NP4FVK" data-m='{"cN":"Footer_WhatsNew_NewSurfacePro8_nav","id":"n3c1c1c1m1r1a2","sN":3,"aN":"c1c1c1m1r1a2"}'>Surface Pro 9</a>
                            </li>
                            <li>
                                <a aria-label="Surface Laptop 5 What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/d/surface-laptop-5/8XN49V61S1BN" data-m='{"cN":"Footer_WhatsNew_SurfaceLaptop2_nav","id":"n4c1c1c1m1r1a2","sN":4,"aN":"c1c1c1m1r1a2"}'>Surface Laptop 5</a>
                            </li>
                            <li>
                                <a aria-label="Surface Studio 2+ What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/d/surface-studio-2plus/8VLFQC3597K4" data-m='{"cN":"Footer_WhatsNew_SurfaceStudio_nav","id":"n5c1c1c1m1r1a2","sN":5,"aN":"c1c1c1m1r1a2"}'>Surface Studio 2+</a>
                            </li>
                            <li>
                                <a aria-label="Copilot in Windows What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/windows/copilot-ai-features" data-m='{"cN":"Whatsnew_CopilotinWindows_nav","id":"n6c1c1c1m1r1a2","sN":6,"aN":"c1c1c1m1r1a2"}'>Copilot in Windows</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft 365 What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-365" data-m='{"cN":"Footer_WhatsNew_Microsoft365_nav","id":"n7c1c1c1m1r1a2","sN":7,"aN":"c1c1c1m1r1a2"}'>Microsoft 365</a>
                            </li>
                            <li>
                                <a aria-label="Windows 11 apps What&#39;s new" class="c-uhff-link" href="https://www.microsoft.com/windows/windows-11-apps" data-m='{"cN":"Footer_WhatsNew_Windows_11_apps_nav","id":"n8c1c1c1m1r1a2","sN":8,"aN":"c1c1c1m1r1a2"}'>Windows 11 apps</a>
                            </li>

                        </ul>
                        
                    </div>
                    <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn2_cont","cT":"Container","id":"c2c1c1m1r1a2","sN":2,"aN":"c1c1m1r1a2"}'>
                        <div class="c-heading-4" role="heading" aria-level="2">Microsoft Store</div>
                        <ul class="c-list f-bare">
                            <li>
                                <a aria-label="Account profile Microsoft Store" class="c-uhff-link" href="https://account.microsoft.com/" data-m='{"cN":"Footer_StoreandSupport_AccountProfile_nav","id":"n1c2c1c1m1r1a2","sN":1,"aN":"c2c1c1m1r1a2"}'>Account profile</a>
                            </li>
                            <li>
                                <a aria-label="Download Center Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/download" data-m='{"cN":"Footer_StoreandSupport_DownloadCenter_nav","id":"n2c2c1c1m1r1a2","sN":2,"aN":"c2c1c1m1r1a2"}'>Download Center</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Store support Microsoft Store" class="c-uhff-link" href="https://go.microsoft.com/fwlink/?linkid=2139749" data-m='{"cN":"Footer_StoreandSupport_SalesAndSupport_nav","id":"n3c2c1c1m1r1a2","sN":3,"aN":"c2c1c1m1r1a2"}'>Microsoft Store support</a>
                            </li>
                            <li>
                                <a aria-label="Returns Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/returns" data-m='{"cN":"Footer_StoreandSupport_Returns_nav","id":"n4c2c1c1m1r1a2","sN":4,"aN":"c2c1c1m1r1a2"}'>Returns</a>
                            </li>
                            <li>
                                <a aria-label="Order tracking Microsoft Store" class="c-uhff-link" href="https://account.microsoft.com/orders" data-m='{"cN":"Footer_StoreandSupport_OrderTracking_nav","id":"n5c2c1c1m1r1a2","sN":5,"aN":"c2c1c1m1r1a2"}'>Order tracking</a>
                            </li>
                            <li>
                                <a aria-label="Certified Refurbished Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/certified-refurbished-products" data-m='{"cN":"Footer_StoreandSupport_StoreLocations_nav","id":"n6c2c1c1m1r1a2","sN":6,"aN":"c2c1c1m1r1a2"}'>Certified Refurbished</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Store Promise Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/why-microsoft-store?icid=footer_why-msft-store_7102020" data-m='{"cN":"Footer_StoreandSupport_MicrosoftPromise_nav","id":"n7c2c1c1m1r1a2","sN":7,"aN":"c2c1c1m1r1a2"}'>Microsoft Store Promise</a>
                            </li>
                            <li>
                                <a aria-label="Flexible Payments Microsoft Store" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/payment-financing-options?icid=footer_financing_vcc" data-m='{"cN":"Footer_StoreandSupport_Financing_nav","id":"n8c2c1c1m1r1a2","sN":8,"aN":"c2c1c1m1r1a2"}'>Flexible Payments</a>
                            </li>

                        </ul>
                        
                    </div>
                    <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn3_cont","cT":"Container","id":"c3c1c1m1r1a2","sN":3,"aN":"c1c1m1r1a2"}'>
                        <div class="c-heading-4" role="heading" aria-level="2">Education</div>
                        <ul class="c-list f-bare">
                            <li>
                                <a aria-label="Microsoft in education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education" data-m='{"cN":"Footer_Education_MicrosoftInEducation_nav","id":"n1c3c1c1m1r1a2","sN":1,"aN":"c3c1c1m1r1a2"}'>Microsoft in education</a>
                            </li>
                            <li>
                                <a aria-label="Devices for education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education/devices/overview" data-m='{"cN":"Footer_Education_DevicesforEducation_nav","id":"n2c3c1c1m1r1a2","sN":2,"aN":"c3c1c1m1r1a2"}'>Devices for education</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Teams for Education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education/products/teams" data-m='{"cN":"Footer_Education_MicrosoftTeamsforEducation_nav","id":"n3c3c1c1m1r1a2","sN":3,"aN":"c3c1c1m1r1a2"}'>Microsoft Teams for Education</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft 365 Education Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/education/buy-license/microsoft365" data-m='{"cN":"Footer_Education_Microsoft365Education_nav","id":"n4c3c1c1m1r1a2","sN":4,"aN":"c3c1c1m1r1a2"}'>Microsoft 365 Education</a>
                            </li>
                            <li>
                                <a aria-label="How to buy for your school Education" class="c-uhff-link" href="https://www.microsoft.com/education/how-to-buy" data-m='{"cN":"Footer_Howtobuyforyourschool_nav","id":"n5c3c1c1m1r1a2","sN":5,"aN":"c3c1c1m1r1a2"}'>How to buy for your school</a>
                            </li>
                            <li>
                                <a aria-label="Educator training and development Education" class="c-uhff-link" href="https://education.microsoft.com/" data-m='{"cN":"Footer_Education_EducatorTrainingDevelopment_nav","id":"n6c3c1c1m1r1a2","sN":6,"aN":"c3c1c1m1r1a2"}'>Educator training and development</a>
                            </li>
                            <li>
                                <a aria-label="Deals for students and parents Education" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/education" data-m='{"cN":"Footer_Education_DealsForStudentsandParents_nav","id":"n7c3c1c1m1r1a2","sN":7,"aN":"c3c1c1m1r1a2"}'>Deals for students and parents</a>
                            </li>
                            <li>
                                <a aria-label="Azure for students Education" class="c-uhff-link" href="https://azure.microsoft.com/en-us/free/students/" data-m='{"cN":"Footer_Education_Azureforstudents_nav","id":"n8c3c1c1m1r1a2","sN":8,"aN":"c3c1c1m1r1a2"}'>Azure for students</a>
                            </li>

                        </ul>
                        
                    </div>
                </div>
                <div class="c-uhff-nav-row">
                    <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn4_cont","cT":"Container","id":"c4c1c1m1r1a2","sN":4,"aN":"c1c1m1r1a2"}'>
                        <div class="c-heading-4" role="heading" aria-level="2">Business</div>
                        <ul class="c-list f-bare">
                            <li>
                                <a aria-label="Microsoft Cloud Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-cloud" data-m='{"cN":"Footer_Business_Microsoft_Cloud_nav","id":"n1c4c1c1m1r1a2","sN":1,"aN":"c4c1c1m1r1a2"}'>Microsoft Cloud</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Security Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/security" data-m='{"cN":"Footer_Business_Microsoft Security_nav","id":"n2c4c1c1m1r1a2","sN":2,"aN":"c4c1c1m1r1a2"}'>Microsoft Security</a>
                            </li>
                            <li>
                                <a aria-label="Dynamics 365 Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/dynamics-365" data-m='{"cN":"Footer_Business_MicrosoftDynamics365_nav","id":"n3c4c1c1m1r1a2","sN":3,"aN":"c4c1c1m1r1a2"}'>Dynamics 365</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft 365 Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-365/business" data-m='{"cN":"Footer_Business_M365_nav","id":"n4c4c1c1m1r1a2","sN":4,"aN":"c4c1c1m1r1a2"}'>Microsoft 365</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Power Platform Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/power-platform" data-m='{"cN":"Footer_DeveloperAndIT_Power Platform_nav","id":"n5c4c1c1m1r1a2","sN":5,"aN":"c4c1c1m1r1a2"}'>Microsoft Power Platform</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Teams Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/microsoft-teams/group-chat-software" data-m='{"cN":"Footer_Business_Microsoft365_nav","id":"n6c4c1c1m1r1a2","sN":6,"aN":"c4c1c1m1r1a2"}'>Microsoft Teams</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Industry Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/industry" data-m='{"cN":"Footer_Business_MicrosoftIndustry_nav","id":"n7c4c1c1m1r1a2","sN":7,"aN":"c4c1c1m1r1a2"}'>Microsoft Industry</a>
                            </li>
                            <li>
                                <a aria-label="Small Business Business" class="c-uhff-link" href="https://www.microsoft.com/en-us/store/b/business?icid=CNavBusinessStore" data-m='{"cN":"Footer_Business-SmallBusiness_nav","id":"n8c4c1c1m1r1a2","sN":8,"aN":"c4c1c1m1r1a2"}'>Small Business</a>
                            </li>

                        </ul>
                        
                    </div>
                    <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn5_cont","cT":"Container","id":"c5c1c1m1r1a2","sN":5,"aN":"c1c1m1r1a2"}'>
                        <div class="c-heading-4" role="heading" aria-level="2">Developer &amp; IT</div>
                        <ul class="c-list f-bare">
                            <li>
                                <a aria-label="Azure Developer &amp; IT" class="c-uhff-link" href="https://azure.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftAzure_nav","id":"n1c5c1c1m1r1a2","sN":1,"aN":"c5c1c1m1r1a2"}'>Azure</a>
                            </li>
                            <li>
                                <a aria-label="Developer Center Developer &amp; IT" class="c-uhff-link" href="https://developer.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_DeveloperCenter_nav","id":"n2c5c1c1m1r1a2","sN":2,"aN":"c5c1c1m1r1a2"}'>Developer Center</a>
                            </li>
                            <li>
                                <a aria-label="Documentation Developer &amp; IT" class="c-uhff-link" href="https://learn.microsoft.com/docs/" data-m='{"cN":"Footer_DeveloperAndIT_Documentation_nav","id":"n3c5c1c1m1r1a2","sN":3,"aN":"c5c1c1m1r1a2"}'>Documentation</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Learn Developer &amp; IT" class="c-uhff-link" href="https://learn.microsoft.com/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftLearn_nav","id":"n4c5c1c1m1r1a2","sN":4,"aN":"c5c1c1m1r1a2"}'>Microsoft Learn</a>
                            </li>
                            <li>
                                <a aria-label="Microsoft Tech Community Developer &amp; IT" class="c-uhff-link" href="https://techcommunity.microsoft.com/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftTechCommunity_nav","id":"n5c5c1c1m1r1a2","sN":5,"aN":"c5c1c1m1r1a2"}'>Microsoft Tech Community</a>
                            </li>
                            <li>
                                <a aria-label="Azure Marketplace Developer &amp; IT" class="c-uhff-link" href="https://azuremarketplace.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_AzureMarketplace_nav","id":"n6c5c1c1m1r1a2","sN":6,"aN":"c5c1c1m1r1a2"}'>Azure Marketplace</a>
                            </li>
                            <li>
                                <a aria-label="AppSource Developer &amp; IT" class="c-uhff-link" href="https://appsource.microsoft.com/en-us/" data-m='{"cN":"Footer_DeveloperAndIT_AppSource_nav","id":"n7c5c1c1m1r1a2","sN":7,"aN":"c5c1c1m1r1a2"}'>AppSource</a>
                            </li>
                            <li>
                                <a aria-label="Visual Studio Developer &amp; IT" class="c-uhff-link" href="https://visualstudio.microsoft.com/" data-m='{"cN":"Footer_DeveloperAndIT_MicrosoftVisualStudio_nav","id":"n8c5c1c1m1r1a2","sN":8,"aN":"c5c1c1m1r1a2"}'>Visual Studio</a>
                            </li>

                        </ul>
                        
                    </div>
                    <div class="c-uhff-nav-group" data-m='{"cN":"footerNavColumn6_cont","cT":"Container","id":"c6c1c1m1r1a2","sN":6,"aN":"c1c1m1r1a2"}'>
                        <div class="c-heading-4" role="heading" aria-level="2">Company</div>
                        <ul class="c-list f-bare">
                            <li>
                                <a aria-label="Careers Company" class="c-uhff-link" href="https://careers.microsoft.com/" data-m='{"cN":"Footer_Company_Careers_nav","id":"n1c6c1c1m1r1a2","sN":1,"aN":"c6c1c1m1r1a2"}'>Careers</a>
                            </li>
                            <li>
                                <a aria-label="About Microsoft Company" class="c-uhff-link" href="https://www.microsoft.com/en-us/about" data-m='{"cN":"Footer_Company_AboutMicrosoft_nav","id":"n2c6c1c1m1r1a2","sN":2,"aN":"c6c1c1m1r1a2"}'>About Microsoft</a>
                            </li>
                            <li>
                                <a aria-label="Company news Company" class="c-uhff-link" href="https://news.microsoft.com/" data-m='{"cN":"Footer_Company_CompanyNews_nav","id":"n3c6c1c1m1r1a2","sN":3,"aN":"c6c1c1m1r1a2"}'>Company news</a>
                            </li>
                            <li>
                                <a aria-label="Privacy at Microsoft Company" class="c-uhff-link" href="https://privacy.microsoft.com/en-us" data-m='{"cN":"Footer_Company_PrivacyAtMicrosoft_nav","id":"n4c6c1c1m1r1a2","sN":4,"aN":"c6c1c1m1r1a2"}'>Privacy at Microsoft</a>
                            </li>
                            <li>
                                <a aria-label="Investors Company" class="c-uhff-link" href="https://www.microsoft.com/investor/default.aspx" data-m='{"cN":"Footer_Company_Investors_nav","id":"n5c6c1c1m1r1a2","sN":5,"aN":"c6c1c1m1r1a2"}'>Investors</a>
                            </li>
                            <li>
                                <a aria-label="Diversity and inclusion Company" class="c-uhff-link" href="https://www.microsoft.com/en-us/diversity/" data-m='{"cN":"Footer_Company_DiversityAndInclusion_nav","id":"n6c6c1c1m1r1a2","sN":6,"aN":"c6c1c1m1r1a2"}'>Diversity and inclusion</a>
                            </li>
                            <li>
                                <a aria-label="Accessibility Company" class="c-uhff-link" href="https://www.microsoft.com/en-us/accessibility" data-m='{"cN":"Footer_Company_Accessibility_nav","id":"n7c6c1c1m1r1a2","sN":7,"aN":"c6c1c1m1r1a2"}'>Accessibility</a>
                            </li>
                            <li>
                                <a aria-label="Sustainability Company" class="c-uhff-link" href="https://www.microsoft.com/en-us/sustainability/" data-m='{"cN":"Footer_Company_Sustainability_nav","id":"n8c6c1c1m1r1a2","sN":8,"aN":"c6c1c1m1r1a2"}'>Sustainability</a>
                            </li>

                        </ul>
                        
                    </div>
                </div>
        </nav>
    <div class="c-uhff-base">
                <a id="locale-picker-link" aria-label="Content Language Selector. Currently set to English (United States)" class="c-uhff-link c-uhff-lang-selector c-glyph glyph-world" href="https://www.microsoft.com/en-us/security/locale" data-m='{"cN":"locale_picker(US)_nav","id":"n7c1c1m1r1a2","sN":7,"aN":"c1c1m1r1a2"}'>English (United States)</a>

            <a data-m='{"id":"n8c1c1m1r1a2","sN":8,"aN":"c1c1m1r1a2"}' href="https://aka.ms/yourcaliforniaprivacychoices" class='c-uhff-link c-uhff-ccpa'>
        <svg role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 14" xml:space="preserve" height="16" width="43">
            <title>California Consumer Privacy Act (CCPA) Opt-Out Icon</title>
            <path d="M7.4 12.8h6.8l3.1-11.6H7.4C4.2 1.2 1.6 3.8 1.6 7s2.6 5.8 5.8 5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#fff"/>
            <path d="M22.6 0H7.4c-3.9 0-7 3.1-7 7s3.1 7 7 7h15.2c3.9 0 7-3.1 7-7s-3.2-7-7-7zm-21 7c0-3.2 2.6-5.8 5.8-5.8h9.9l-3.1 11.6H7.4c-3.2 0-5.8-2.6-5.8-5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#06f"/>
            <path d="M24.6 4c.2.2.2.6 0 .8L22.5 7l2.2 2.2c.2.2.2.6 0 .8-.2.2-.6.2-.8 0l-2.2-2.2-2.2 2.2c-.2.2-.6.2-.8 0-.2-.2-.2-.6 0-.8L20.8 7l-2.2-2.2c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0l2.2 2.2L23.8 4c.2-.2.6-.2.8 0z" style="fill:#fff"/>
            <path d="M12.7 4.1c.2.2.3.6.1.8L8.6 9.8c-.1.1-.2.2-.3.2-.2.1-.5.1-.7-.1L5.4 7.7c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0L8 8.6l3.8-4.5c.2-.2.6-.2.9 0z" style="fill:#06f"/>
        </svg>
        <span>Your Privacy Choices</span>
    </a>

        <noscript>
                <a data-m='{"id":"n9c1c1m1r1a2","sN":9,"aN":"c1c1m1r1a2"}' href="https://aka.ms/yourcaliforniaprivacychoices" class='c-uhff-link c-uhff-ccpa'>
        <svg role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 30 14" xml:space="preserve" height="16" width="43">
            <title>California Consumer Privacy Act (CCPA) Opt-Out Icon</title>
            <path d="M7.4 12.8h6.8l3.1-11.6H7.4C4.2 1.2 1.6 3.8 1.6 7s2.6 5.8 5.8 5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#fff"/>
            <path d="M22.6 0H7.4c-3.9 0-7 3.1-7 7s3.1 7 7 7h15.2c3.9 0 7-3.1 7-7s-3.2-7-7-7zm-21 7c0-3.2 2.6-5.8 5.8-5.8h9.9l-3.1 11.6H7.4c-3.2 0-5.8-2.6-5.8-5.8z" style="fill-rule:evenodd;clip-rule:evenodd;fill:#06f"/>
            <path d="M24.6 4c.2.2.2.6 0 .8L22.5 7l2.2 2.2c.2.2.2.6 0 .8-.2.2-.6.2-.8 0l-2.2-2.2-2.2 2.2c-.2.2-.6.2-.8 0-.2-.2-.2-.6 0-.8L20.8 7l-2.2-2.2c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0l2.2 2.2L23.8 4c.2-.2.6-.2.8 0z" style="fill:#fff"/>
            <path d="M12.7 4.1c.2.2.3.6.1.8L8.6 9.8c-.1.1-.2.2-.3.2-.2.1-.5.1-.7-.1L5.4 7.7c-.2-.2-.2-.6 0-.8.2-.2.6-.2.8 0L8 8.6l3.8-4.5c.2-.2.6-.2.9 0z" style="fill:#06f"/>
        </svg>
        <span>Your Privacy Choices</span>
    </a>

        </noscript>
        <nav aria-label="Microsoft corporate links">
            <ul class="c-list f-bare" data-m='{"cN":"Corp links_cont","cT":"Container","id":"c10c1c1m1r1a2","sN":10,"aN":"c1c1m1r1a2"}'>
                                <li  id="c-uhff-footer_sitemap">
                    <a class="c-uhff-link" href="https://www.microsoft.com/en-us/sitemap1.aspx" data-mscc-ic="false" data-m='{"cN":"Footer_Sitemap_nav","id":"n1c10c1c1m1r1a2","sN":1,"aN":"c10c1c1m1r1a2"}'>Sitemap</a>
                </li>
                <li  id="c-uhff-footer_contactus">
                    <a class="c-uhff-link" href="https://support.microsoft.com/contactus" data-mscc-ic="false" data-m='{"cN":"Footer_ContactUs_nav","id":"n2c10c1c1m1r1a2","sN":2,"aN":"c10c1c1m1r1a2"}'>Contact Microsoft</a>
                </li>
                <li  id="c-uhff-footer_privacyandcookies">
                    <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?LinkId=521839" data-mscc-ic="false" data-m='{"cN":"Footer_PrivacyandCookies_nav","id":"n3c10c1c1m1r1a2","sN":3,"aN":"c10c1c1m1r1a2"}'>Privacy </a>
                </li>
                <li class=" x-hidden" id="c-uhff-footer_managecookies">
                    <a class="c-uhff-link" href="#" data-mscc-ic="false" data-m='{"cN":"Footer_ManageCookies_nav","id":"n4c10c1c1m1r1a2","sN":4,"aN":"c10c1c1m1r1a2"}'>Manage cookies</a>
                </li>
                <li  id="c-uhff-footer_termsofuse">
                    <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?LinkID=206977" data-mscc-ic="false" data-m='{"cN":"Footer_TermsOfUse_nav","id":"n5c10c1c1m1r1a2","sN":5,"aN":"c10c1c1m1r1a2"}'>Terms of use</a>
                </li>
                <li  id="c-uhff-footer_trademarks">
                    <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?linkid=2196228" data-mscc-ic="false" data-m='{"cN":"Footer_Trademarks_nav","id":"n6c10c1c1m1r1a2","sN":6,"aN":"c10c1c1m1r1a2"}'>Trademarks</a>
                </li>
                <li  id="c-uhff-footer_safetyandeco">
                    <a class="c-uhff-link" href="https://go.microsoft.com/fwlink/?linkid=2196227" data-mscc-ic="false" data-m='{"cN":"Footer_SafetyAndEco_nav","id":"n7c10c1c1m1r1a2","sN":7,"aN":"c10c1c1m1r1a2"}'>Safety &amp; eco</a>
                </li>
                <li  id="c-uhff-recycling">
                    <a class="c-uhff-link" href="https://www.microsoft.com/en-us/legal/compliance/recycling" data-mscc-ic="false" data-m='{"cN":"Recycling_nav","id":"n8c10c1c1m1r1a2","sN":8,"aN":"c10c1c1m1r1a2"}'>Recycling</a>
                </li>
                <li  id="c-uhff-footer_aboutourads">
                    <a class="c-uhff-link" href="https://choice.microsoft.com" data-mscc-ic="false" data-m='{"cN":"Footer_AboutourAds_nav","id":"n9c10c1c1m1r1a2","sN":9,"aN":"c10c1c1m1r1a2"}'>About our ads</a>
                </li>

                <li>&#169; Microsoft 2024</li>
                
            </ul>
        </nav>
    </div>
    
</footer>

<script id="uhf-footer-ccpa">
    const globalPrivacyControlEnabled = navigator.globalPrivacyControl;

    const GPC_DataSharingOptIn = (globalPrivacyControlEnabled) ? false : checkThirdPartyAdsOptOutCookie();

    function checkThirdPartyAdsOptOutCookie() {
        try {
            const ThirdPartyAdsOptOutCookieName = '3PAdsOptOut';
            var cookieValue = getCookie(ThirdPartyAdsOptOutCookieName);
            return cookieValue != 1;
        } catch {
            return true;
        }
    }

    function getCookie(cookieName) {
        var cookieValue = document.cookie.match('(^|;)\\s*' + cookieName + '\\s*=\\s*([^;]+)');
        return (cookieValue) ? cookieValue[2] : '';
    }
</script>





    </div>
        </div>

    </div>
	<script>
		function onConsentChanged( categoryPreferences ) {
			Metrics_3P_Scripts();

			// If any categories are disabled, clear all cookies
			if ( ! siteConsent.getConsentFor( WcpConsent.consentCategories.Analytics ) ) {
				Metrics_Clear_Cookies( 'Analytics' );
			}

			if ( ! siteConsent.getConsentFor( WcpConsent.consentCategories.Advertising ) ) {
				Metrics_Clear_Cookies( 'Advertising' );
			}

			if ( ! siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) {
				Metrics_Clear_Cookies( 'SocialMedia' );
			}
		}

		function Metrics_Clear_Cookies( category ) {
			var all_cookies = document.cookie.split(";");

			// array of cookie names to clear
			const cookie_names = [
				'_clck',
				'_clsk',
				'_fbp',
				'_uetvid',
				'mbox',
				'AnalyticsSyncHistory',
				'bcookie',
				'bscookie',
				'li_sugr',
				'lidc',
				'li_gc',
				'UserMatchHistory',
			];

			for ( var i = 0; i < all_cookies.length; i++ ) {
				var cookie_name = all_cookies[i].split("=")[0].trim();
				if ( cookie_names.includes( cookie_name ) ) {
					document.cookie = cookie_name + '=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
				}
			}
		}

		function Metrics_3P_Scripts(){

			// if GPC_DataSharingOptIn is set and true set Metrics_3POptIn
			var Metrics_3P_OptIn = false;
			if ( typeof GPC_DataSharingOptIn !== 'undefined' && GPC_DataSharingOptIn ) {
				Metrics_3P_OptIn = true;
			} else {
				Metrics_3P_OptIn = false;
				Metrics_Clear_Cookies();
			}

			if ( siteConsent.getConsentFor( WcpConsent.consentCategories.Analytics ) && Metrics_3P_OptIn ) {
									if ( typeof microsoftAds === "function" ) {
						microsoftAds(); 
					}
				
				if ( siteConsent.getConsentFor( WcpConsent.consentCategories.Advertising ) ) {
											if ( typeof adobeTargetTracking === "function" ) {
							adobeTargetTracking(); 
						}
											if ( typeof clarityTracking === "function" ) {
							clarityTracking(); 
						}
					
					if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) {
													if ( typeof facebookTracking === "function" ) {
								facebookTracking(); 
							}
													if ( typeof linkedinTracking === "function" ) {
								linkedinTracking(); 
							}
											}
				}

				if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) {
									}
			}

			if ( siteConsent.getConsentFor( WcpConsent.consentCategories.Advertising ) && Metrics_3P_OptIn ) {
									if ( typeof doubleclickTracking === "function" ) {
						doubleclickTracking(); 
					}
				
				if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) ) {
									}
			}

			if ( siteConsent.getConsentFor( WcpConsent.consentCategories.SocialMedia ) && Metrics_3P_OptIn ) {
							}
		}

					window.WcpConsent && WcpConsent.init( "en-US", "ms-cookie-banner", function (err, _siteConsent) {

				if ( ! err ) {
					siteConsent = _siteConsent;  //siteConsent is used to get the current consent

					var consentRequiredElementExists = document.getElementById( "c-uhff-footer_managecookies" ) && siteConsent.isConsentRequired;

					if ( consentRequiredElementExists ) {
						document.getElementById( "c-uhff-footer_managecookies" ).classList.remove("x-hidden");
						document.getElementById( "c-uhff-footer_managecookies" ).onclick = function() {
							siteConsent.manageConsent();
						};
					}

					Metrics_3P_Scripts();

				} else {
					console.log( "Error initializing WcpConsent: " + err );
				}
			}, onConsentChanged );
				</script>
		<script type="text/template" id="js-uhf-rss-template">
		<div class="btn-group" id="filters-rss">
			<a
				href="https://www.microsoft.com/en-us/security/blog/feed"
				class="btn"
				aria-label="RSS Feed"
			>
				<img src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/icon-rss.svg" alt="RSS Feed"/>
			</a>
		</div>
	</script>
	<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/moray-scripts.js?ver=10d4fdaa712d2e5df7f7" id="mse-moray-scripts-js"></script>
<script type="text/javascript" id="frontend-js-extra">
/* <![CDATA[ */
var securityBlog = {"i18n":{"more":"more","less":"less","more_tags":"View more tags","less_tags":"View less tags"}};
/* ]]> */
</script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/themes/security-blog/dist/js/frontend.js?ver=e482992b5dbefcaf3e82" id="frontend-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2" id="wp-polyfill-inert-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0" id="regenerator-runtime-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0" id="wp-polyfill-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/dom-ready.min.js?ver=392bdd43726760d1f3ca" id="wp-dom-ready-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/hooks.min.js?ver=c6aec9a8d4e5a5d543a1" id="wp-hooks-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/i18n.min.js?ver=7701b0c3857f914212ef" id="wp-i18n-js"></script>
<script type="text/javascript" id="wp-i18n-js-after">
/* <![CDATA[ */
wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
/* ]]> */
</script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-includes/js/dist/a11y.min.js?ver=7032343a947cfccf5608" id="wp-a11y-js"></script>
<script type="text/javascript" id="msx-frontend-js-extra">
/* <![CDATA[ */
var msx = {"darkModeToggle":"1","i18n":{"loadMore":"Load more","loading":"Loading","loadingStart":"Loading more. Please wait.","loadingEnd":"Loading complete. %d items added.","loadMoreAriaLabel":"Load more results","light":"Switch the site theme to: dark","dark":"Switch the site theme to: light","toggleOptionLight":"Light","toggleOptionDark":"Dark"}};
/* ]]> */
</script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/themes/xtheme/dist/js/frontend.js?ver=1708357133" id="msx-frontend-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/cloud-marketing-modules/dist/js/frontend.js?ver=1.0.11" id="msxcm-frontend-js"></script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/assets/js/vendor/focus-within.js?ver=1.3.9" id="ms-oembed-focus-within-js"></script>
<script type="text/javascript" id="ms-oembed-gif-script-js-extra">
/* <![CDATA[ */
var msgifs = {"play":"Play animated gif","pause":"Pause animated gif"};
/* ]]> */
</script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/oembeds/dist/js/ms-oembed-lib-gif.js?ver=76f838e8af84044e0283" id="ms-oembed-gif-script-js"></script>
<script type="text/javascript" id="microsoft-uhf-js-extra">
/* <![CDATA[ */
var microsoftUhfSettings = {"homePath":"\/en-us\/security\/blog\/","loginUrl":"","logoutUrl":"","scripts":[],"inline":[]};
/* ]]> */
</script>
<script type="text/javascript" src="https://www.microsoft.com/en-us/security/blog/wp-content/plugins/microsoft-uhf/assets/microsoft-uhf.js?ver=0.4.0" id="microsoft-uhf-js"></script>
	<!-- JSLL tracking -->
	<script>
		// 1DS initialization

		const analytics = new oneDS.ApplicationInsights();
		var config = {
			instrumentationKey: "cb68b8f590184975aa5eb4ed576fb074-e666ac9b-fa31-4339-8b9c-775f4bae31f3-6978",
			propertyConfiguration: {
				gpcDataSharingOptIn: ( typeof GPC_DataSharingOptIn !== "undefined" ) ? GPC_DataSharingOptIn : true,
				callback: {
					userConsentDetails: ( typeof siteConsent !== "undefined" ) ? siteConsent.getConsent : WcpConsent.siteConsent
				},
			},
			webAnalyticsConfiguration:{
				coreData: {"pageName":"Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction","pageType":"Post"},
				urlCollectQuery: true,
				urlCollectHash: true,
				autoCapture: {
					scroll: true,
					pageView: true,
					onLoad: true,
					onUnload: true,
					click: true,
					scroll: true,
					resize: true,
					jsError: true
				}
			}
		};
		// Initialize OneDS SDK
		analytics.initialize( config, [] );
	</script>
	
</body>
</html>
